CVE-2008-1837 — Anti-virus Clamav vulnerability

CWE-3996 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

10.0%

top 6.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clam Anti-virus Clamav

Timeline

PublishedApr 16

Latest updateMay 1

Description

libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDclam_anti-virus/clamav0.92.1+63

🔴Vulnerability Details

GHSA

GHSA-v8q7-7qwm-fxx3: libclamunrar in ClamAV before 0↗2022-05-01

▶

CVEList

CVE-2008-1837: libclamunrar in ClamAV before 0↗2008-04-16

▶

📋Vendor Advisories

Red Hat

clamav: DoS via crafted RAR archive↗2008-04-15

▶

Debian

CVE-2008-1837: clamav - libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of ...↗2008

▶

💬Community

Bugzilla

CVE-2008-1837 clamav: DoS via crafted RAR archive↗2008-04-16

▶