CVE-2008-1836
published 2008-04-16CVE-2008-1836: The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
3.55%
87.8th percentile
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| debian | clamav | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
clamav: DoS via not null terminated string in rfc2231
vendor_redhat·2008-04-15·CVSS 4.3
CVE-2008-1836 [MEDIUM] clamav: DoS via not null terminated string in rfc2231
clamav: DoS via not null terminated string in rfc2231
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
Debian
CVE-2008-1836: clamav - The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remo...
vendor_debian·2008·CVSS 4.3
CVE-2008-1836 [MEDIUM] CVE-2008-1836: clamav - The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remo...
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-2g4m-frjw-86jj: The rfc2231 function in message
ghsa_unreviewed·2022-05-01
CVE-2008-1836 [MEDIUM] GHSA-2g4m-frjw-86jj: The rfc2231 function in message
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
No detection rules found.
No public exploits indexed.
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.htmlhttp://secunia.com/advisories/29891http://secunia.com/advisories/30253http://secunia.com/advisories/30328http://secunia.com/advisories/31576http://secunia.com/advisories/31882http://security.gentoo.org/glsa/glsa-200805-19.xmlhttp://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:088http://www.securityfocus.com/bid/28784http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/2584https://exchange.xforce.ibmcloud.com/vulnerabilities/41868https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.htmlhttps://wwws.clamav.net/bugzilla/show_bug.cgi?id=881http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.htmlhttp://secunia.com/advisories/29891http://secunia.com/advisories/30253http://secunia.com/advisories/30328http://secunia.com/advisories/31576http://secunia.com/advisories/31882http://security.gentoo.org/glsa/glsa-200805-19.xmlhttp://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:088http://www.securityfocus.com/bid/28784http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/2584https://exchange.xforce.ibmcloud.com/vulnerabilities/41868https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.htmlhttps://wwws.clamav.net/bugzilla/show_bug.cgi?id=881
2008-04-16
Published