CVE-2015-2221Infinite Loop in Clamav

CWE-3996 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 24.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ClamavDebian ClamavCanonical Ubuntu Linux
Timeline
PublishedMay 12
Latest updateMay 17

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/clamav< clamav 0.98.7+dfsg-1 (bookworm)
Debianclamav/clamav< 0.98.7+dfsg-1+3
NVDclamav/clamav0.98.6

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.1

Patches

Patch: blog.clamav.netPatch: blog.clamav.net

🔴Vulnerability Details

2
GHSA
GHSA-67f8-82xm-cq7m: ClamAV before 02022-05-17
OSV
CVE-2015-2221: ClamAV before 02015-05-12

📋Vendor Advisories

2
Ubuntu
ClamAV vulnerabilities2015-05-05
Debian
CVE-2015-2221: clamav - ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infin...2015

💬Community

1
Bugzilla
CVE-2015-2221: clamav Infinite loop condition on crafted y0da cryptor file2015-04-29