CVE-2007-3123Improper Restriction of Operations within the Bounds of a Memory Buffer in Anti-virus Clamav

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
2.8%
top 13.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ClamavClam Anti-virus Clamav
Timeline
PublishedJun 7
Latest updateMay 1

Description

unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianclamav/clamav< 0.90.3-1+3
NVDclam_anti-virus/clamav6 versions+5

Patches

Patch: lurker.clamav.netPatch: wwws.clamav.netPatch: lurker.clamav.net

🔴Vulnerability Details

3
GHSA
GHSA-x4f5-q2qx-hmgg: unrar2022-05-01
CVEList
CVE-2007-3123: unrar2007-06-07
OSV
CVE-2007-3123: unrar2007-06-07

📋Vendor Advisories

1
Debian
CVE-2007-3123: clamav - unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remo...2007
CVE-2007-3123 — Clam Anti-virus Clamav vulnerability | cvebase