CVE-2005-3229: ClamAV vulnerability

3 documents, 3 sources
Severity: 5.1 MEDIUM (NVD)
EPSS: 0.3% (top 46.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 14
Latest update: May 1

Description

Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as WinRAR and PowerZip, even though they are rejected as corrupted by WinZip and BitZipper.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (1 package)

debian: debian/clamav

🔴 Vulnerability Details (1)

GHSA: GHSA-88r4-4c8p-j6xc: Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable (2022-05-01)

📋 Vendor Advisories (1)

Debian: CVE-2005-3229: clamav - Multiple interpretation error in unspecified versions of ClamAV Antivirus allows... (2005)