CVE-2004-0398
cadaver - buffer overflow
EPSS 4.8%
Description
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
How to fix CVE-2004-0398
To remediate CVE-2004-0398, upgrade the affected package to one of the fixed versions listed below.
- Debian/cadaver: upgrade to 0.22.1-3 or later
- Debian/cadaver: upgrade to 0.18.0-1woody3 or later
- Debian/neon: upgrade to 0.19.3-2woody5 or later
Is CVE-2004-0398 being exploited?
Low. The EPSS score is 4.8% (the modeled probability of exploitation activity in the next 30 days), and exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/cadaver: from 0, < 0.22.1-3
- Debian/cadaver: from 0, < 0.18.0-1woody3
- Debian/neon: from 0, < 0.19.3-2woody5