CVE-2011-3627 — Clamav vulnerability

CWE-1896 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

2.7%

top 14.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav

Timeline

PublishedNov 17

Latest updateMay 17

Description

The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/clamav< clamav 0.97.3+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.97.3+dfsg-1+3

▶NVDclamav/clamav0.97.2+29

🔴Vulnerability Details

GHSA

GHSA-4q2r-2f2p-2pc3: The bytecode engine in ClamAV before 0↗2022-05-17

▶

OSV

CVE-2011-3627: The bytecode engine in ClamAV before 0↗2011-11-17

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerability↗2011-11-10

▶

Debian

CVE-2011-3627: clamav - The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a d...↗2011

▶

💬Community

Bugzilla

CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3↗2011-10-18

▶