CVE-2008-3912 — Clamav vulnerability

CWE-3997 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

3.3%

top 12.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav Debian Linux +2 more

Timeline

PublishedSep 11

Latest updateMay 2

Description

libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDclamav/clamav< 0.94

▶debiandebian/clamav< clamav 0.94.dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.94.dfsg-1+3

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

Also affects: Debian Linux 4.0

Patches

Patch: sourceforge.net ↗Patch: www.securityfocus.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-r92g-g2q8-jrqq: libclamav in ClamAV before 0↗2022-05-02

▶

OSV

CVE-2008-3912: libclamav in ClamAV before 0↗2008-09-11

▶

📋Vendor Advisories

Microsoft

CVE-2008-3912: NIST NVD Details: https://nvd↗2020-10-13

▶

Debian

CVE-2008-3912: clamav - libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (N...↗2008

▶

Red Hat

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗

▶

💬Community

Bugzilla

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗2008-09-08

▶