CVE-2008-3746
Published 2008-08-27
CVE-2008-3746: neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest…
Priority: P418 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 2.27% (80.8th percentile)
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | neon27 | < neon27 0.28.2-4 (bookworm) | neon27 0.28.2-4 (bookworm) |
| webdav | neon | — | — |
| webdav | neon | — | — |
| webdav | neon | — | — |
CVSS provenance
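| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |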
Ubuntu
neon vulnerabilities
vendor_ubuntu·2009-09-21
CVE-2008-3746 neon vulnerabilities
Title: neon vulnerabilities
Summary: neon vulnerabilities
Joe Orton discovered that neon did not correctly handle SSL certificates
with zero bytes in the Common Name. A remote attacker could exploit this
to perform a machine-in-the-middle attack to view sensitive information or
alter encrypted communications.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
neon: NULL ptr dereference in the Digest authentication support (DoS possible)
vendor_redhat·2008-08-15·CVSS 4.3
CVE-2008-3746 [MEDIUM] neon: NULL ptr dereference in the Digest authentication support (DoS possible)
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
Statement: Not vulnerable. This issue did not affect the versions of neon as shipped with Red Hat Enterprise Linux 4, or 5.
Debian
CVE-2008-3746: neon27 - neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (N...
vendor_debian·2008·CVSS 4.3
CVE-2008-3746 [MEDIUM] CVE-2008-3746: neon27 - neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (N...
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
Scope: local
bookworm: resolved (fixed in 0.28.2-4)
bullseye: resolved (fixed in 0.28.2-4)
forky: resolved (fixed in 0.28.2-4)
sid: resolved (fixed in 0.28.2-4)
trixie: resolved (fixed in 0.28.2-4)
GHSA
GHSA-7mww-385g-p2jf: neon 0
ghsa_unreviewed·2022-05-02
CVE-2008-3746 [MEDIUM] GHSA-7mww-385g-p2jf: neon 0
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
OSV
CVE-2008-3746: neon 0
osv·2008-08-27·CVSS 4.3
CVE-2008-3746 [MEDIUM] CVE-2008-3746: neon 0
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
No detection rules found.
No public exploits indexed.
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
- http://lists.manyfish.co.uk/pipermail/neon/2008-August/000038.html
- http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html
- http://secunia.com/advisories/31508
- http://secunia.com/advisories/31687
- http://secunia.com/advisories/32286
- http://secunia.com/advisories/36799
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:074
- http://www.openwall.com/lists/oss-security/2008/08/15/4
- http://www.openwall.com/lists/oss-security/2008/08/20/2
- http://www.openwall.com/lists/oss-security/2008/08/20/5
- http://www.securityfocus.com/bid/30710
- http://www.securitytracker.com/id?1020725
- http://www.ubuntu.com/usn/usn-835-1
- http://www.vupen.com/english/advisories/2008/2420
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44511
- https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00367.html
Published: 2008-08-27