neon Security Vulnerabilities

This page documents known security vulnerabilities in the neon HTTP/WebDAV client library. Any bug which allows a violation of the documented threat model is treated as a vulnerabilities and a CVE name obtained if necessary.

Known Vulnerabilities

• CVE-2007-0157: A buffer under-read in the URI parser which allowed a malicious server to crash the process.
  Affected versions: 0.26.0, 0.26.1 and 0.26.2 only
• CVE-2004-0398: A sscanf format issue in the ne_rfc1036_parse function.
  Affected versions: 0.24.5 and earlier
• CVE-2004-0179: A format string issue in XML/207 response error handling.
  Affected versions: 0.24.4 and earlier