CVE-2004-0398 — Out-of-bounds Write in Cadaver

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.5HIGHNVD

EPSS

4.8%

top 10.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Webdav Cadaver Debian Cadaver Webdav Neon +1 more

Timeline

PublishedJul 7

Latest updateApr 29

Description

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶NVDwebdav/cadaver< 0.22.0

▶Debianwebdav/cadaver< 0.22.1-3+3

▶NVDwebdav/neon0.24.5

▶debiandebian/cadaver< cadaver 0.22.1-3 (bookworm)

Also affects: Debian Linux 3.0

🔴Vulnerability Details

GHSA

GHSA-rx95-529p-86fc: Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0↗2022-04-29

▶

OSV

CVE-2004-0398: Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0↗2004-07-07

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-05-19

▶

Debian

CVE-2004-0398: cadaver - Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the...↗2004

▶

💬Community

Bugzilla

CVE-2004-0398 security flaw↗2018-08-16

▶