Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0270 — Anti-virus Clamav vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

11.1%

top 6.52%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedNov 23

Latest updateApr 29

Description

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.80+3

▶NVDclam_anti-virus/clamav0.65

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mr7m-j7jh-35hw: libclamav in Clam AntiVirus 0↗2022-04-29

▶

OSV

CVE-2004-0270: libclamav in Clam AntiVirus 0↗2004-11-23

▶

CVEList

CVE-2004-0270: libclamav in Clam AntiVirus 0↗2004-09-01

▶

💥Exploits & PoCs

Exploit-DB

ClamAV Daemon 0.65 - UUEncoded Message Denial of Service↗2004-02-09

▶

📋Vendor Advisories

Debian

CVE-2004-0270: clamav - libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of se...↗2004

▶