CVE-2005-1530

3 documents3 sources

Severity

5.0MEDIUM

EPSS

6.0%

top 9.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos Sophos Anti-virus Sophos Sophos Mailmonitor Sophos Sophos Puremessage Anti-virus +1 more

Timeline

PublishedJul 19

Latest updateMay 1

Description

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDsophos/sophos_anti-virus14 versions+13

▶NVDsophos/sophos_puremessage_anti-virus4.6

▶NVDsophos/sophos_mailmonitor2.0, 2.1+1

▶NVDsophos/sophos_small_business_suite1.0

Patches

Patch: www.idefense.com ↗Patch: www.securityfocus.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-524j-6vx2-r98f: Sophos Anti-Virus 5↗2022-05-01

▶

CVEList

CVE-2005-1530: Sophos Anti-Virus 5↗2005-07-19

▶