CVE-2008-0318 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Anti-virus Clamav

CWE-1898 documents7 sources

Severity

10.0CRITICALNVD

EPSS

15.6%

top 5.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedFeb 12

Latest updateMay 1

Description

Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debianclamav/clamav< 0.92.1~dfsg-1+3

▶NVDclam_anti-virus/clamav0.92

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-4q4c-x269-7rpf: Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0↗2022-05-01

▶

OSV

CVE-2008-0318: Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0↗2008-02-12

▶

CVEList

CVE-2008-0318: Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0↗2008-02-12

▶

📋Vendor Advisories

Red Hat

Gnumeric: untrusted python modules search path↗2008-08-06

▶

Debian

CVE-2008-0318: clamav - Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1...↗2008

▶

Red Hat

clamav: Integer overflow in libclamav↗

▶

💬Community

Bugzilla

CVE-2008-0318 clamav: Integer overflow in libclamav↗2008-02-14

▶