CVE-2008-1837
published 2008-04-16CVE-2008-1837: libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as…
PriorityP421medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
4.76%
90.8th percentile
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Affected
65 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | <= 0.92.1 | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
| clam_anti-virus | clamav | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-v8q7-7qwm-fxx3: libclamunrar in ClamAV before 0
ghsa_unreviewed·2022-05-01
CVE-2008-1837 [MEDIUM] GHSA-v8q7-7qwm-fxx3: libclamunrar in ClamAV before 0
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Red Hat
clamav: DoS via crafted RAR archive
vendor_redhat·2008-04-15·CVSS 5.0
CVE-2008-1837 [MEDIUM] clamav: DoS via crafted RAR archive
clamav: DoS via crafted RAR archive
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Debian
CVE-2008-1837: clamav - libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of ...
vendor_debian·2008·CVSS 5.0
CVE-2008-1837 [MEDIUM] CVE-2008-1837: clamav - libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of ...
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.htmlhttp://secunia.com/advisories/29891http://secunia.com/advisories/30328http://secunia.com/advisories/31576http://secunia.com/advisories/31882http://security.gentoo.org/glsa/glsa-200805-19.xmlhttp://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:088http://www.securityfocus.com/bid/28784http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/1227/referenceshttp://www.vupen.com/english/advisories/2008/2584https://exchange.xforce.ibmcloud.com/vulnerabilities/41870https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.htmlhttp://secunia.com/advisories/29891http://secunia.com/advisories/30328http://secunia.com/advisories/31576http://secunia.com/advisories/31882http://security.gentoo.org/glsa/glsa-200805-19.xmlhttp://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:088http://www.securityfocus.com/bid/28784http://www.us-cert.gov/cas/techalerts/TA08-260A.htmlhttp://www.vupen.com/english/advisories/2008/1227/referenceshttp://www.vupen.com/english/advisories/2008/2584https://exchange.xforce.ibmcloud.com/vulnerabilities/41870https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898
2008-04-16
Published