CVE-2007-6596Improper Input Validation in Anti-virus Clamav

CWE-20Improper Input Validation7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 45.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ClamavClam Anti-virus Clamav
Timeline
PublishedDec 31
Latest updateMay 1

Description

ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianclamav/clamav< 0.92.1~dfsg-1+3

🔴Vulnerability Details

3
GHSA
GHSA-m5g7-g5cj-mjrh: ClamAV 02022-05-01
CVEList
CVE-2007-6596: ClamAV 02007-12-31
OSV
CVE-2007-6596: ClamAV 02007-12-31

📋Vendor Advisories

2
Debian
CVE-2007-6596: clamav - ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote at...2007
Red Hat
clamav does not recognize Base64-UUEncoded files

💬Community

1
Bugzilla
CVE-2007-6596 clamav does not recognize Base64-UUEncoded files2008-01-02
CVE-2007-6596 — Improper Input Validation | cvebase