CVE-2010-0098 — Clamav vulnerability

8 documents7 sources

Severity

10.0CRITICALNVD

EPSS

3.1%

top 13.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav Clamavs Clamav

Timeline

PublishedApr 8

Latest updateMay 2

Description

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶debiandebian/clamav< clamav 0.96+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.96+dfsg-1+3

▶NVDclamav/clamav0.96+76

▶NVDclamavs/clamav0.04, 0.06+1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-xjfx-xwf6-5c7w: ClamAV before 0↗2022-05-02

▶

OSV

CVE-2010-0098: ClamAV before 0↗2010-04-08

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerabilities↗2010-04-08

▶

Red Hat

v0.96): Anti-virus scanning functionality bypass via specially-crafted archive files↗2010-02-15

▶

Debian

CVE-2010-0098: clamav - ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats,...↗2010

▶

💬Community

Bugzilla

CVE-2010-0098 Clam AntiVirus (prior to v0.96): Anti-virus scanning functionality bypass via specially-crafted archive files↗2010-04-08

▶

Bugzilla

CVE-2010-0098 CVE-2010-1311 Multiple clamav vulnerabilities [Fedora all]↗2010-04-08

▶