CVE-2004-0398

cadaver < 0.22.0 - Remote Code Execution via ne_rfc1036_parse Date Parsing

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

References (18)

Core 18
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11638
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11673
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/6302
Broken Link mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11650
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108500057108022&w=2
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-13.xml
Broken Link third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/o-148.shtml
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-15.xml
Third Party Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:049
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10385
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-506
Broken Link vendor-advisory x_refsource_fedora
https://bugzilla.fedora.us/show_bug.cgi?id=1552
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16192
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2004/dsa-507
Broken Link vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000841
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108498433632333&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-191.html

Scores

EPSS 0.0502
EPSS Percentile 91.3%

Details

CWE
CWE-787
Status published
Products (3)
debian/debian_linux 3.0
webdav/cadaver < 0.22.0
webdav/neon < 0.24.5
Published Jul 07, 2004
Tracked Since Feb 18, 2026