CVE-2007-4577

CWE-3993 documents3 sources

Severity

7.8HIGH

EPSS

5.4%

top 9.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sophos Anti-virus Sophos Scanning Engine Sophos Small Business Suite

Timeline

PublishedAug 28

Latest updateMay 1

Description

Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDsophos/anti-virus32 versions+31

▶NVDsophos/scanning_engine2.30.4, 2.40.2+1

▶NVDsophos/small_business_suite4.04, 4.05+1

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-pfx8-pjvm-pmjj: Sophos Anti-Virus for Unix/Linux before 2↗2022-05-01

▶

CVEList

CVE-2007-4577: Sophos Anti-Virus for Unix/Linux before 2↗2007-08-28

▶