FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

neon date parsing vulnerability

Affected packages
neon < 0.24.5_1
sitecopy <= 0.13.4_1


VuXML ID 8d075001-a9ce-11d8-9c6d-0020ed76ef5a
Discovery 2004-05-19
Entry 2004-05-19
Modified 2004-06-25

Stefan Esser reports:

A vulnerability within a libneon date parsing function could cause a heap overflow which could lead to remote code execution, depending on the application using libneon.

The vulnerability is in the function ne_rfc1036_parse, which is in turn used by the function ne_httpdate_parse. Applications using either of these neon functions may be vulnerable.


CVE Name CVE-2004-0398