CVE-2008-3914 — Sensitive Information Exposure in Clamav

CWE-200 — Sensitive Information Exposure8 documents8 sources

Severity

10.0CRITICALNVD

EPSS

1.9%

top 16.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav Msrc CBL Mariner 1.0 ARM +1 more

Timeline

PublishedSep 11

Latest updateMay 2

Description

Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶debiandebian/clamav< clamav 0.94.dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.94.dfsg-1+3

▶NVDclamav/clamav0.93.3

▶msrcmsrc/cbl_mariner_1.0_arm

▶msrcmsrc/cbl_mariner_1.0_x64

Patches

Patch: sourceforge.net ↗Patch: www.securityfocus.com ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-3qxg-frxh-f5j5: Multiple unspecified vulnerabilities in ClamAV before 0↗2022-05-02

▶

OSV

CVE-2008-3914: Multiple unspecified vulnerabilities in ClamAV before 0↗2008-09-11

▶

💥Exploits & PoCs

Exploit-DB

Rocket Servergraph Admin Center - fileRequestor Remote Code Execution (Metasploit)↗2014-06-18

▶

📋Vendor Advisories

Microsoft

CVE-2008-3914: NIST NVD Details: https://nvd↗2020-10-13

▶

Debian

CVE-2008-3914: clamav - Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact a...↗2008

▶

Red Hat

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗

▶

💬Community

Bugzilla

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗2008-09-08

▶