CVE-2008-3913 — Missing Release of Memory after Effective Lifetime in Clamav

CWE-401 — Missing Release of Memory after Effective Lifetime7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

4.1%

top 11.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav Debian Linux +2 more

Timeline

PublishedSep 11

Latest updateMay 2

Description

Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDclamav/clamav< 0.94

▶debiandebian/clamav< clamav 0.94.dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.94.dfsg-1+3

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

Also affects: Debian Linux 4.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-cr5r-q6mh-hr56: Multiple memory leaks in freshclam/manager↗2022-05-02

▶

OSV

CVE-2008-3913: Multiple memory leaks in freshclam/manager↗2008-09-11

▶

📋Vendor Advisories

Microsoft

CVE-2008-3913: NIST NVD Details: https://nvd↗2020-10-13

▶

Debian

CVE-2008-3913: clamav - Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow a...↗2008

▶

Red Hat

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗

▶

💬Community

Bugzilla

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗2008-09-08

▶