PT-2008-5105 · Neon · Neon
Joe Orton · Published 2008-08-27 · Updated 2024-06-15 · CVE-2008-3746
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
neon versions 0.28.0 through 0.28.2
Description
The issue allows remote servers to cause a denial of service through a NULL pointer dereference and crash. It is related to Digest authentication, specifically Digest domain parameter support and the parse_domain function.
Recommendations
For versions 0.28.0 through 0.28.2, consider disabling Digest authentication as a temporary workaround until a patch is available. Restrict access to the parse_domain function to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Neon