CVE-2005-1923 — Infinite Loop in Anti-virus Clamav

5 documents5 sources

Severity

2.6LOWNVD

EPSS

0.7%

top 28.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedJul 5

Latest updateMay 1

Description

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.86.1+3

▶NVDclam_anti-virus/clamav5 versions+4

Patches

Patch: www.idefense.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-9rx9-vrwp-7vq4: The ENSURE_BITS macro in mszipd↗2022-05-01

▶

OSV

CVE-2005-1923: The ENSURE_BITS macro in mszipd↗2005-07-05

▶

CVEList

CVE-2005-1923: The ENSURE_BITS macro in mszipd↗2005-06-30

▶

📋Vendor Advisories

Debian

CVE-2005-1923: clamav - The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other ve...↗2005

▶