CVE-2008-3746

Severity

43%

Complexity

86%

Confidentiality

48%

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.

Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

Type

WebDAV neon

First reported 16 years ago

2008-08-27 15:21:00

Last updated 7 years ago

2017-08-08 01:32:00

Affected Software

WebDAV neon 0.28.0

0.28.0

WebDAV neon 0.28.1

0.28.1

WebDAV neon 0.28.2

0.28.2

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571

[neon] 20080820 neon: release 0.28.3 (SECURITY)

Patch

[neon] 20080820 CVE-2008-3746: NULL pointer dereference in Digest domain support

SUSE-SR:2008:017

31508

Vendor Advisory

31687

Vendor Advisory

32286

Vendor Advisory

36799

Vendor Advisory

MDVSA-2009:074

[oss-security] 20080815 CVE request for neon

[oss-security] 20080820 Re: CVE request for neon

[oss-security] 20080820 Re: CVE request for neon

30710

1020725

USN-835-1

ADV-2008-2420

Vendor Advisory

neon-digestauthentication-dos(44511)

FEDORA-2008-7661

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.