CVE-2005-1922 — Anti-virus Clamav vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 27.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedJul 5

Latest updateMay 1

Description

The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.86.1-1+3

▶NVDclam_anti-virus/clamav7 versions+6

Patches

Patch: sourceforge.net ↗Patch: www.idefense.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-j4m9-w48g-9r75: The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0↗2022-05-01

▶

OSV

CVE-2005-1922: The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0↗2005-07-05

▶

CVEList

CVE-2005-1922: The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0↗2005-06-30

▶

📋Vendor Advisories

Debian

CVE-2005-1922: clamav - The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote...↗2005

▶