Red Hat Bugzilla – Bug 427470
CVE-2007-6630 Netembryo NULL dereference
Last modified: 2008-03-28 06:33:42 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6630 to the following vulnerability:
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by
LScube Feng, allows remote attackers to cause a denial of service
(NULL dereference and daemon crash) via a malformed URI containing a
"/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
Reference: BUGTRAQ:20071227 Multiple vulnerabilities in Feng 0.1.15
Please update netembryon in rawhide, if the vector is pertinent for intended use
Already fixed in rawhide. F-8 and F-7 builds are in updates-testing.
Fixed long ago across the board.