CVE-2008-3215 — Anti-virus Clamav vulnerability

7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

6.6%

top 8.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedJul 18

Latest updateMay 1

Description

libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.93.1.dfsg-1.1+3

▶NVDclam_anti-virus/clamav13 versions+12

🔴Vulnerability Details

GHSA

GHSA-xfv3-wp5f-h673: libclamav/petite↗2022-05-01

▶

CVEList

CVE-2008-3215: libclamav/petite↗2008-07-18

▶

OSV

CVE-2008-3215: libclamav/petite↗2008-07-18

▶

📋Vendor Advisories

Red Hat

clamav: DoS / crash via crafted petite file (incomplete fix of CVE-2008-2713)↗2008-07-03

▶

Debian

CVE-2008-3215: clamav - libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a de...↗2008

▶

💬Community

Bugzilla

CVE-2008-3215 clamav: DoS / crash via crafted petite file (incomplete fix of CVE-2008-2713)↗2008-07-15

▶