CVE-2008-1387
Published 2008-04-16
Priority: P418 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS: 4.35% (90.0th percentile)
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| clamav | clamav | >= 0 < 0.92.1~dfsg2-1 | 0.92.1~dfsg2-1 |
| debian | clamav | < clamav 0.92.1~dfsg2-1 (bookworm) | clamav 0.92.1~dfsg2-1 (bookworm) |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
osv · 4.3 MEDIUM
vendor_debian · 4.3 MEDIUM
vendor_redhat · 4.3 MEDIUM
Red Hat
clamav: Endless loop / hang with crafted arj
vendor_redhat·2008-05-15·CVSS 4.3
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Debian
CVE-2008-1387: clamav - ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU con...
vendor_debian·2008·CVSS 4.3
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Scope: local
bookworm: resolved (fixed in 0.92.1~dfsg2-1)
bullseye: resolved (fixed in 0.92.1~dfsg2-1)
forky: resolved (fixed in 0.92.1~dfsg2-1)
sid: resolved (fixed in 0.92.1~dfsg2-1)
trixie: resolved (fixed in 0.92.1~dfsg2-1)
GHSA
GHSA-g83c-vr3x-94r4: ClamAV before 0
ghsa_unreviewed·2022-05-01
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
OSV
CVE-2008-1387: ClamAV before 0
osv·2008-04-16·CVSS 4.3
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
No detection rules found.
No public exploits indexed.
References
http://int21.de/cve/CVE-2008-1387-clamav.html
http://kolab.org/security/kolab-vendor-notice-20.txt
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html
http://secunia.com/advisories/29863
http://secunia.com/advisories/29891
http://secunia.com/advisories/29975
http://secunia.com/advisories/30253
http://secunia.com/advisories/30328
http://secunia.com/advisories/31576
http://secunia.com/advisories/31882
http://security.gentoo.org/glsa/glsa-200805-19.xml
http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/
http://www.mandriva.com/security/advisories?name=MDVSA-2008:088
http://www.securityfocus.com/archive/1/490863/100/0/threaded
http://www.securityfocus.com/bid/28782
http://www.securityfocus.com/bid/28784
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vupen.com/english/advisories/2008/1227/references
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/41822
https://www.clamav.net/bugzilla/show_bug.cgi?id=897
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html