CVE-2006-4182
published 2006-10-16CVE-2006-4182: Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash)…
PriorityP351high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
19.74%
97.1th percentile
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
Affected
53 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | <= 0.88.4 | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f7j9-whhg-c5h7: Integer overflow in ClamAV 0
ghsa_unreviewed·2022-05-01
CVE-2006-4182 [HIGH] GHSA-f7j9-whhg-c5h7: Integer overflow in ClamAV 0
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
OSV
CVE-2006-4182: Integer overflow in ClamAV 0
osv·2006-10-16·CVSS 7.5
CVE-2006-4182 [HIGH] CVE-2006-4182: Integer overflow in ClamAV 0
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
Debian
CVE-2006-4182: clamav - Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, ...
vendor_debian·2006·CVSS 7.5
CVE-2006-4182 [HIGH] CVE-2006-4182: clamav - Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, ...
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
Scope: local
bookworm: resolved (fixed in 0.88.5-1)
bullseye: resolved (fixed in 0.88.5-1)
forky: resolved (fixed in 0.88.5-1)
sid: resolved (fixed in 0.88.5-1)
trixie: resolved (fixed in 0.88.5-1)
No detection rules found.
http://docs.info.apple.com/article.html?artnum=304829http://kolab.org/security/kolab-vendor-notice-13.txthttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://secunia.com/advisories/22370http://secunia.com/advisories/22421http://secunia.com/advisories/22488http://secunia.com/advisories/22498http://secunia.com/advisories/22537http://secunia.com/advisories/22551http://secunia.com/advisories/22626http://secunia.com/advisories/23155http://security.gentoo.org/glsa/glsa-200610-10.xmlhttp://securitytracker.com/id?1017068http://www.debian.org/security/2006/dsa-1196http://www.kb.cert.org/vuls/id/180864http://www.mandriva.com/security/advisories?name=MDKSA-2006:184http://www.novell.com/linux/security/advisories/2006_60_clamav.htmlhttp://www.securityfocus.com/bid/20535http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlhttp://www.vupen.com/english/advisories/2006/4034http://www.vupen.com/english/advisories/2006/4136http://www.vupen.com/english/advisories/2006/4264http://www.vupen.com/english/advisories/2006/4750https://exchange.xforce.ibmcloud.com/vulnerabilities/29607http://docs.info.apple.com/article.html?artnum=304829http://kolab.org/security/kolab-vendor-notice-13.txthttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://secunia.com/advisories/22370http://secunia.com/advisories/22421http://secunia.com/advisories/22488http://secunia.com/advisories/22498http://secunia.com/advisories/22537http://secunia.com/advisories/22551http://secunia.com/advisories/22626http://secunia.com/advisories/23155http://security.gentoo.org/glsa/glsa-200610-10.xmlhttp://securitytracker.com/id?1017068http://www.debian.org/security/2006/dsa-1196http://www.kb.cert.org/vuls/id/180864http://www.mandriva.com/security/advisories?name=MDKSA-2006:184http://www.novell.com/linux/security/advisories/2006_60_clamav.htmlhttp://www.securityfocus.com/bid/20535http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlhttp://www.vupen.com/english/advisories/2006/4034http://www.vupen.com/english/advisories/2006/4136http://www.vupen.com/english/advisories/2006/4264http://www.vupen.com/english/advisories/2006/4750https://exchange.xforce.ibmcloud.com/vulnerabilities/29607
2006-10-16
Published