CVE-2007-3024 — Anti-virus Clamav vulnerability

6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 80.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedJun 7

Latest updateMay 1

Description

libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.90.3-1+3

▶NVDclam_anti-virus/clamav6 versions+5

Patches

Patch: lurker.clamav.net ↗Patch: wwws.clamav.net ↗Patch: lurker.clamav.net ↗

🔴Vulnerability Details

GHSA

GHSA-hxj4-xq5m-hh5h: libclamav/others↗2022-05-01

▶

OSV

CVE-2007-3024: libclamav/others↗2007-06-07

▶

CVEList

CVE-2007-3024: libclamav/others↗2007-06-07

▶

📋Vendor Advisories

Debian

CVE-2007-3024: clamav - libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure...↗2007

▶

💬Community

Bugzilla

clamav < 0.90.3 multiple vulnerabilities↗2007-06-21

▶