CVE-2008-1836 — Anti-virus Clamav vulnerability

6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
5.9%
top 9.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Clam Anti-virus Clamav
Timeline
PublishedApr 16
Latest updateMay 1

Description

The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDclam_anti-virus/clamav8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-2g4m-frjw-86jj: The rfc2231 function in message↗2022-05-01
â–¶
CVEList
CVE-2008-1836: The rfc2231 function in message↗2008-04-16
â–¶

📋Vendor Advisories

2
Red Hat
clamav: DoS via not null terminated string in rfc2231↗2008-04-15
â–¶
Debian
CVE-2008-1836: clamav - The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remo...↗2008
â–¶

💬Community

1
Bugzilla
CVE-2008-1836 clamav: DoS via not null terminated string in rfc2231↗2008-04-16
â–¶
CVE-2008-1836 — Clam Anti-virus Clamav vulnerability | cvebase