CVE-2008-0314: Improper Restriction of Operations within the Bounds of a Memory Buffer in Anti-virus Clamav

Severity: 7.5 HIGH (NVD)
EPSS: 24.0% (top 3.96%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 16; Latest update May 1

Description

Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Debian: clamav/clamav < 0.92.1~dfsg2-1+3

🔴 Vulnerability Details (3)

GHSA: GHSA-q36h-8f75-xxcm: Heap-based buffer overflow in spin (2022-05-01)
CVEList: CVE-2008-0314: Heap-based buffer overflow in spin (2008-04-16)
OSV: CVE-2008-0314: Heap-based buffer overflow in spin (2008-04-16)

📋 Vendor Advisories (5)

Red Hat: kernel: qla2xxx NPIV vport management pseudofiles are world writable (2010-01-19)
Red Hat: gedit: untrusted python modules search path (2008-08-06)
Red Hat: clamav: PeSpin Heap Overflow Vulnerability (2008-04-15)
Debian: CVE-2008-0314: clamav - Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote... (2008)
Red Hat: kernel: ipv6_hop_jumbo remote system crash (2007-09-07)

💬 Community (4)

Bugzilla: CVE-2007-4567 kernel: ipv6_hop_jumbo remote system crash (2009-12-18)
Bugzilla: CVE-2008-0314 clamav: PeSpin Heap Overflow Vulnerability (2008-04-16)
Bugzilla: CVE-2007-5938 NULL dereference in iwl driver (2007-11-15)
Bugzilla: CVE-2007-5906 kernel-xen 3.1.1 virtual guest system denial of service (hypervisor crash) possibility (2007-11-12)
CVE-2008-0314 — Clam Anti-virus Clamav vulnerability | cvebase