FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

neon -- NULL pointer dereference in Digest domain support

Affected packages
neon28 < 0.28.3

Details

VuXML ID 755fa519-80a9-11dd-8de5-0030843d3802
Discovery 2008-08-15
Entry 2008-09-12

Joe Orton reports:

A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service.

[source]

References

Bugtraq ID 30710
CVE Name CVE-2008-3746
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
URL http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.