CVE-2008-6085

CWE-1893 documents3 sources

Severity

7.6HIGH

EPSS

10.5%

top 6.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure F-secure Anti-virus FOR Citrix Servers F-secure F-secure Anti-virus FOR Microsoft Exchange F-secure F-secure Anti-virus FOR Mimesweeper +14 more

Timeline

PublishedFeb 6

Latest updateMay 17

Description

Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, when configured to scan inside compressed archives, allows remote attackers to execute arbitrary code via a crafted RPM compressed archive file, which triggers a buffer overflow.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages10 packages

▶NVDf-secure/f-secure_anti-virus_linux_client_security5.54+3

▶NVDf-secure/f-secure_anti-virus_linux5.54+2

▶NVDf-secure/f-secure_anti-virus7 versions+6

▶NVDf-secure/f-secure_internet_security5 versions+4

▶NVDf-secure/f-secure_linux_security7.01

Patches

Patch: www.f-secure.com ↗Patch: www.f-secure.com ↗

🔴Vulnerability Details

GHSA

GHSA-5f3f-vggf-74fg: Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, wh↗2022-05-17

▶

CVEList

CVE-2008-6085: Integer overflow in multiple F-Secure anti-virus products, including Internet Security 2006 through 2008, Anti-Virus 2006 through 2008, and others, wh↗2009-02-06

▶