CVE-2004-0398 Information

Feb 14, 2021 cve

Description

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier as used by cadaver before 0.22 allows remote WebDAV servers to execute arbitrary code on the client.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841 http://marc.info/?l=bugtraq&m=108498433632333&w=2 http://marc.info/?l=bugtraq&m=108500057108022&w=2 http://secunia.com/advisories/11638 http://secunia.com/advisories/11650 http://secunia.com/advisories/11673 http://security.gentoo.org/glsa/glsa-200405-13.xml http://security.gentoo.org/glsa/glsa-200405-15.xml http://www.ciac.org/ciac/bulletins/o-148.shtml http://www.debian.org/security/2004/dsa-506 http://www.debian.org/security/2004/dsa-507 http://www.mandriva.com/security/advisories?name=MDKSA-2004:049 http://www.osvdb.org/6302 http://www.redhat.com/support/errata/RHSA-2004-191.html http://www.securityfocus.com/bid/10385 https://bugzilla.fedora.us/show_bug.cgi?id=1552 https://exchange.xforce.ibmcloud.com/vulnerabilities/16192

Share on: