CVE-2007-3699

3 documents3 sources

Severity

9.3CRITICAL

EPSS

2.4%

top 15.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Antivirus Scan Engine Symantec Brightmail Antispam Symantec Client Security +9 more

Timeline

PublishedOct 5

Latest updateMay 1

Description

The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages12 packages

▶NVDsymantec/web_security16 versions+15

▶NVDsymantec/mail_security16 versions+15

▶NVDsymantec/client_security25 versions+24

▶NVDsymantec/norton_antivirus38 versions+37

▶NVDsymantec/brightmail_antispam7 versions+6

Patches

Patch: securityresponse.symantec.com ↗Patch: securityresponse.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-c2cf-m6mx-7rqm: The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the↗2022-05-01

▶

CVEList

CVE-2007-3699: The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the↗2007-10-05

▶