neon Security Vulnerabilities
This page documents known security vulnerabilities in
the neon HTTP/WebDAV client library. Any bug
which allows a violation of the
documented threat model is
treated as a vulnerabilities and a CVE
name obtained if necessary.
Known Vulnerabilities
- CVE-2007-0157:
A buffer under-read in the URI parser which allowed a malicious server
to crash the process.
Affected versions: 0.26.0, 0.26.1 and 0.26.2 only
- CVE-2004-0398:
A sscanf format issue in the ne_rfc1036_parse function.
Affected versions: 0.24.5 and earlier
- CVE-2004-0179:
A format string issue in XML/207 response error handling.
Affected versions: 0.24.4 and earlier