CVE-2006-1989
published 2006-05-01

CVE-2006-1989: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code…

Priority: P428, medium, 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS: 5.81% (92.2th percentile)
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | | |
| clam_anti-virus | clamav | | |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| debian | clamav | < clamav 0.88.2 (bookworm) | clamav 0.88.2 (bookworm) |

CVSS provenance

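| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| osv | | 5.1 | MEDIUM | |
| vendor_debian | | 5.1 | MEDIUM | |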