CVE-2006-1989
published 2006-05-01CVE-2006-1989: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code…
PriorityP428medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EPSS
5.81%
92.2th percentile
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| clamav | clamav | >= 0 < 0.88.2 | 0.88.2 |
| debian | clamav | < clamav 0.88.2 (bookworm) | clamav 0.88.2 (bookworm) |
CVSS provenance
nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
osv5.1MEDIUM
vendor_debian5.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-66xq-fpgf-chwg: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0
ghsa_unreviewed·2022-05-01
CVE-2006-1989 [MEDIUM] GHSA-66xq-fpgf-chwg: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
OSV
CVE-2006-1989: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0
osv·2006-05-01·CVSS 5.1
CVE-2006-1989 [MEDIUM] CVE-2006-1989: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Debian
CVE-2006-1989: clamav - Buffer overflow in the get_database function in the HTTP client in Freshclam in ...
vendor_debian·2006·CVSS 5.1
CVE-2006-1989 [MEDIUM] CVE-2006-1989: clamav - Buffer overflow in the get_database function in the HTTP client in Freshclam in ...
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Scope: local
bookworm: resolved (fixed in 0.88.2)
bullseye: resolved (fixed in 0.88.2)
forky: resolved (fixed in 0.88.2)
sid: resolved (fixed in 0.88.2)
trixie: resolved (fixed in 0.88.2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://kolab.org/security/kolab-vendor-notice-09.txthttp://lists.apple.com/archives/security-announce/2006/Jun/msg00000.htmlhttp://lists.suse.com/archive/suse-security-announce/2006-May/0004.htmlhttp://secunia.com/advisories/19874http://secunia.com/advisories/19880http://secunia.com/advisories/19912http://secunia.com/advisories/19963http://secunia.com/advisories/19964http://secunia.com/advisories/20117http://secunia.com/advisories/20159http://secunia.com/advisories/20877http://securitytracker.com/id?1016392http://www.clamav.net/security/0.88.2.htmlhttp://www.debian.org/security/2006/dsa-1050http://www.gentoo.org/security/en/glsa/glsa-200605-03.xmlhttp://www.kb.cert.org/vuls/id/599220http://www.mandriva.com/security/advisories?name=MDKSA-2006:080http://www.novell.com/linux/security/advisories/2006_05_05.htmlhttp://www.osvdb.org/25120http://www.securityfocus.com/bid/17754http://www.trustix.org/errata/2006/0024http://www.vupen.com/english/advisories/2006/1586http://www.vupen.com/english/advisories/2006/2566https://exchange.xforce.ibmcloud.com/vulnerabilities/26182http://kolab.org/security/kolab-vendor-notice-09.txthttp://lists.apple.com/archives/security-announce/2006/Jun/msg00000.htmlhttp://lists.suse.com/archive/suse-security-announce/2006-May/0004.htmlhttp://secunia.com/advisories/19874http://secunia.com/advisories/19880http://secunia.com/advisories/19912http://secunia.com/advisories/19963http://secunia.com/advisories/19964http://secunia.com/advisories/20117http://secunia.com/advisories/20159http://secunia.com/advisories/20877http://securitytracker.com/id?1016392http://www.clamav.net/security/0.88.2.htmlhttp://www.debian.org/security/2006/dsa-1050http://www.gentoo.org/security/en/glsa/glsa-200605-03.xmlhttp://www.kb.cert.org/vuls/id/599220http://www.mandriva.com/security/advisories?name=MDKSA-2006:080http://www.novell.com/linux/security/advisories/2006_05_05.htmlhttp://www.osvdb.org/25120http://www.securityfocus.com/bid/17754http://www.trustix.org/errata/2006/0024http://www.vupen.com/english/advisories/2006/1586http://www.vupen.com/english/advisories/2006/2566https://exchange.xforce.ibmcloud.com/vulnerabilities/26182
2006-05-01
Published