CVE-2006-1615
Published 2006-04-06
CVE-2006-1615: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code…
Priority: P346 · critical · 10 · CVSS 2.0
AV:N / AC:L / Au:N / C:C / I:C / A:C
EPSS: 11.35% (95.4th percentile)
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.
Affected
53 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clamav | clamav | <= 0.88 | — |
CVSS provenance
nvd · v2.0 · 10.0 · CRITICAL · AV:N/AC:L/Au:N/C:C/I:C/A:C
osv · 10.0 · CRITICAL
vendor_debian · 10.0 · CRITICAL
GHSA
GHSA-x32g-rfqc-j2m7: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0
ghsa_unreviewed·2022-05-01
CVE-2006-1615 [HIGH] CWE-134 GHSA-x32g-rfqc-j2m7: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0
OSV
CVE-2006-1615: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0
osv·2006-04-06·CVSS 10.0
CVE-2006-1615 [CRITICAL] CVE-2006-1615: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0
Debian
CVE-2006-1615: clamav - Multiple format string vulnerabilities in the logging code in Clam AntiVirus (Cl...
vendor_debian·2006·CVSS 10.0
CVE-2006-1615 [CRITICAL] CVE-2006-1615: clamav - Multiple format string vulnerabilities in the logging code in Clam AntiVirus (Cl...
Scope: local
bookworm: resolved (fixed in 0.88.1-1)
bullseye: resolved (fixed in 0.88.1-1)
forky: resolved (fixed in 0.88.1-1)
sid: resolved (fixed in 0.88.1-1)
trixie: resolved (fixed in 0.88.1-1)
No detection rules found.
References
http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html
http://secunia.com/advisories/19534
http://secunia.com/advisories/19536
http://secunia.com/advisories/19564
http://secunia.com/advisories/19567
http://secunia.com/advisories/19570
http://secunia.com/advisories/19608
http://secunia.com/advisories/20077
http://secunia.com/advisories/23719
http://sourceforge.net/project/shownotes.php?release_id=407078&group_id=86638
http://up2date.astaro.com/2006/05/low_up2date_6202.html
http://www.debian.org/security/2006/dsa-1024
http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:067
http://www.osvdb.org/24458
http://www.securityfocus.com/bid/17388
http://www.securityfocus.com/bid/17951
http://www.trustix.org/errata/2006/0020
http://www.us-cert.gov/cas/techalerts/TA06-132A.html
http://www.vupen.com/english/advisories/2006/1258
http://www.vupen.com/english/advisories/2006/1779
https://exchange.xforce.ibmcloud.com/vulnerabilities/25661