CVE-2009-1270

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 08-04-2009 06:30

Last modified: - 10-02-2022 05:25

Total changes: - 2

Description

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:N/I:N/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

7.8

Base score

10.0

6.9

Exploitability score

Impact score

Verification logic

vendor=clamav AND product=clamav AND versionEndExcluding=0.95

vendor=Debian AND product=debian_linux AND version=4.0

vendor=Debian AND product=debian_linux AND version=5.0

vendor=canonical AND product=ubuntu_linux AND version=8.10

Reference

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
[oss-security] 20090407 Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive-Mailing List, Third Party Advisory
53461-Broken Link
ADV-2009-0934-Third Party Advisory
USN-754-1-Third Party Advisory
34716-Third Party Advisory
DSA-1771-Third Party Advisory
MDVSA-2009:097-Third Party Advisory
34357-Third Party Advisory, VDB Entry
APPLE-SA-2009-09-10-2-Mailing List, Third Party Advisory
36701-Third Party Advisory
http://support.apple.com/kb/HT3865
clamav-untar-dos(49846)-Third Party Advisory, VDB Entry

Keywords

CVE-2009-1270

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1270

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures