CVE-2008-6845Clamav vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
1.3%
top 20.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ClamavDebian Clamav
Timeline
PublishedJul 2
Latest updateMay 14

Description

The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/clamav< clamav 0.94.dfsg-1 (bookworm)
Debianclamav/clamav< 0.94.dfsg-1+3
NVDclamav/clamav0.93.3+74

🔴Vulnerability Details

2
GHSA
GHSA-jf69-v79x-2mpc: The unpack feature in ClamAV 02022-05-14
OSV
CVE-2008-6845: The unpack feature in ClamAV 02009-07-02

📋Vendor Advisories

1
Debian
CVE-2008-6845: clamav - The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause...2008