CVE-2005-1923
published 2005-07-05
CVE-2005-1923: The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote attackers to cause a denial of service (CPU…
Priority P411 · low · 2.6 · CVSS 2.0
AV:N/AC:H/Au:N/C:N/I:N/A:P
EPSS
1.62%
73.0th percentile
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| debian | clamav | < clamav 0.86.1 (bookworm) | clamav 0.86.1 (bookworm) |
CVSS provenance
nvd · v2.0 · 2.6 · LOW · AV:N/AC:H/Au:N/C:N/I:N/A:P
osv · 2.6 · LOW
vendor_debian · 2.6 · MEDIUM
Debian
CVE-2005-1923: clamav - The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other ve...
vendor_debian·2005·CVSS 2.6
CVE-2005-1923 [LOW] CVE-2005-1923: clamav - The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other ve...
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
Scope: local
bookworm: resolved (fixed in 0.86.1)
bullseye: resolved (fixed in 0.86.1)
forky: resolved (fixed in 0.86.1)
sid: resolved (fixed in 0.86.1)
trixie: resolved (fixed in 0.86.1)
GHSA
GHSA-9rx9-vrwp-7vq4: The ENSURE_BITS macro in mszipd
ghsa_unreviewed·2022-05-01
CVE-2005-1923 [LOW] GHSA-9rx9-vrwp-7vq4: The ENSURE_BITS macro in mszipd
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
OSV
CVE-2005-1923: The ENSURE_BITS macro in mszipd
osv·2005-07-05·CVSS 2.6
CVE-2005-1923 [LOW] CVE-2005-1923: The ENSURE_BITS macro in mszipd
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2005-07-05
Published