FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3746

This CVE name corresponds to:

Entered Topic
2008-09-12 neon -- NULL pointer dereference in Digest domain support

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-3746 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-3746
Phase Assigned(20080820)

Description

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.

References

Source Reference
MLIST [neon] 20080820 CVE-2008-3746: NULL pointer dereference in Digest domain support
MLIST [neon] 20080820 neon: release 0.28.3 (SECURITY)
MLIST [oss-security] 20080815 CVE request for neon
MLIST [oss-security] 20080820 Re: CVE request for neon
MLIST [oss-security] 20080820 Re: CVE request for neon
CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
FEDORA FEDORA-2008-7661
MANDRIVA MDVSA-2009:074
SUSE SUSE-SR:2008:017
UBUNTU USN-835-1
BID 30710
SECUNIA 36799
VUPEN ADV-2008-2420
SECTRACK 1020725
SECUNIA 31687
SECUNIA 32286
SECUNIA 31508
XF neon-digestauthentication-dos(44511)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.