CVE-2011-2721 — Off-by-one Error in Clamav

CWE-1896 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

7.4%

top 8.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav

Timeline

PublishedAug 5

Latest updateMay 17

Description

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/clamav< clamav 0.97.2+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.97.2+dfsg-1+3

▶NVDclamav/clamav0.97.1+92

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: bugzilla.novell.com ↗

🔴Vulnerability Details

GHSA

GHSA-x69w-v5wv-rxpx: Off-by-one error in the cli_hm_scan function in matcher-hash↗2022-05-17

▶

OSV

CVE-2011-2721: Off-by-one error in the cli_hm_scan function in matcher-hash↗2011-08-05

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerability↗2011-07-28

▶

Debian

CVE-2011-2721: clamav - Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in C...↗2011

▶

💬Community

Bugzilla

CVE-2011-2721 Clam AntiVirus: Off-by-one error by scanning message hashes↗2011-07-26

▶