CVE-2007-3023 — Anti-virus Clamav vulnerability

6 documents6 sources

Severity

10.0CRITICALNVD

EPSS

1.6%

top 18.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedJun 7

Latest updateMay 1

Description

unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianclamav/clamav< 0.90.3-1+3

▶NVDclam_anti-virus/clamav5 versions+4

Patches

Patch: wwws.clamav.net ↗Patch: wwws.clamav.net ↗

🔴Vulnerability Details

GHSA

GHSA-fvjg-w742-28hw: unsp↗2022-05-01

▶

CVEList

CVE-2007-3023: unsp↗2007-06-07

▶

OSV

CVE-2007-3023: unsp↗2007-06-07

▶

📋Vendor Advisories

Debian

CVE-2007-3023: clamav - unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calcula...↗2007

▶

💬Community

Bugzilla

clamav < 0.90.3 multiple vulnerabilities↗2007-06-21

▶