CVE-2005-3500 — Infinite Loop in Anti-virus Clamav

8 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

5.9%

top 9.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedNov 5

Latest updateMay 1

Description

The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.87.1-1+3

▶NVDclam_anti-virus/clamav33 versions+32

Patches

Patch: secunia.com ↗Patch: sourceforge.net ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-r3fq-7p2f-f5f3: The tnef_attachment function in tnef↗2022-05-01

▶

OSV

CVE-2005-3500: The tnef_attachment function in tnef↗2005-11-05

▶

CVEList

CVE-2005-3500: The tnef_attachment function in tnef↗2005-11-05

▶

💥Exploits & PoCs

Exploit-DB

PCMan FTP Server 2.0.7 - Remote (Metasploit)↗2013-07-22

▶

Exploit-DB

Mercury/32 < 4.01b - PH Server Module Buffer Overflow (Metasploit)↗2010-06-15

▶

Exploit-DB

Salim Gasmi GLD (Greylisting Daemon) 1.0 < 1.4 - Postfix Greylisting Buffer Overflow (Metasploit)↗2005-04-12

▶

📋Vendor Advisories

Debian

CVE-2005-3500: clamav - The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1...↗2005

▶