CVE-2009-1270 — Infinite Loop in Clamav

CWE-835 — Infinite Loop10 documents7 sources

Severity

7.8HIGHNVD

EPSS

3.9%

top 11.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav Canonical Ubuntu Linux +1 more

Timeline

PublishedApr 8

Latest updateMay 2

Description

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDclamav/clamav< 0.95

▶debiandebian/clamav< clamav 0.95.1+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.95.1+dfsg-1+3

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 8.10

🔴Vulnerability Details

GHSA

GHSA-rvqr-f374-3qqw: libclamav/untar↗2022-05-02

▶

OSV

CVE-2009-1270: libclamav/untar↗2009-04-08

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerabilities↗2009-04-07

▶

Debian

CVE-2009-1270: clamav - libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denia...↗2009

▶

Red Hat

clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)↗

▶

Red Hat

clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)↗

▶

Red Hat

clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)↗

▶

💬Community

Bugzilla

Clam AntiVirus: Multiple vulnerabilities↗2009-09-09

▶

Bugzilla

clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270)↗2009-04-09

▶