Vulnerabilites related to clamavs - clamav
cve-2010-1311
Vulnerability from cvelistv5
Published
2010-04-08 17:00
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:18.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771"
},
{
"name": "ADV-2010-1206",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"name": "39656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39656"
},
{
"name": "MDVSA-2010:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name": "USN-926-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name": "ADV-2010-0827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name": "APPLE-SA-2010-08-24-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "SUSE-SR:2010:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4312"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"name": "ADV-2010-0909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name": "39293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39293"
},
{
"name": "ADV-2010-0832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name": "39329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39329"
},
{
"name": "39262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"name": "ADV-2010-1001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-28T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771"
},
{
"name": "ADV-2010-1206",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"name": "39656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39656"
},
{
"name": "MDVSA-2010:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name": "USN-926-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name": "ADV-2010-0827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name": "APPLE-SA-2010-08-24-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "SUSE-SR:2010:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4312"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"name": "ADV-2010-0909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name": "39293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39293"
},
{
"name": "ADV-2010-0832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name": "39329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39329"
},
{
"name": "39262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"name": "ADV-2010-1001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771"
},
{
"name": "ADV-2010-1206",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"name": "39656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39656"
},
{
"name": "MDVSA-2010:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name": "USN-926-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name": "ADV-2010-0827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name": "APPLE-SA-2010-08-24-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "SUSE-SR:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"name": "http://support.apple.com/kb/HT4312",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4312"
},
{
"name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96",
"refsource": "CONFIRM",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96"
},
{
"name": "ADV-2010-0909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name": "39293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39293"
},
{
"name": "ADV-2010-0832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name": "39329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39329"
},
{
"name": "39262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39262"
},
{
"name": "ADV-2010-1001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1311",
"datePublished": "2010-04-08T17:00:00",
"dateReserved": "2010-04-08T00:00:00",
"dateUpdated": "2024-08-07T01:21:18.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0098
Vulnerability from cvelistv5
Published
2010-04-08 17:00
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:54.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826"
},
{
"name": "[oss-security] 20100407 Re: ClamAV small issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/08/3"
},
{
"name": "ADV-2010-1206",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"name": "39656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39656"
},
{
"name": "MDVSA-2010:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name": "USN-926-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name": "ADV-2010-0827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name": "APPLE-SA-2010-08-24-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "SUSE-SR:2010:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4312"
},
{
"name": "[oss-security] 20100406 ClamAV small issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/06/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"name": "ADV-2010-0909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name": "39293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39293"
},
{
"name": "ADV-2010-0832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name": "39329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39329"
},
{
"name": "39262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"name": "ADV-2010-1001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-28T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826"
},
{
"name": "[oss-security] 20100407 Re: ClamAV small issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/08/3"
},
{
"name": "ADV-2010-1206",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"name": "39656",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39656"
},
{
"name": "MDVSA-2010:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name": "USN-926-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name": "ADV-2010-0827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name": "APPLE-SA-2010-08-24-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "SUSE-SR:2010:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4312"
},
{
"name": "[oss-security] 20100406 ClamAV small issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/04/06/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"name": "ADV-2010-0909",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name": "39293",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39293"
},
{
"name": "ADV-2010-0832",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name": "39329",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39329"
},
{
"name": "39262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"name": "ADV-2010-1001",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2010-0098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826"
},
{
"name": "[oss-security] 20100407 Re: ClamAV small issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/08/3"
},
{
"name": "ADV-2010-1206",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"name": "39656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39656"
},
{
"name": "MDVSA-2010:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"name": "USN-926-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"name": "ADV-2010-0827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"name": "APPLE-SA-2010-08-24-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"name": "SUSE-SR:2010:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"name": "http://support.apple.com/kb/HT4312",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4312"
},
{
"name": "[oss-security] 20100406 ClamAV small issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/06/4"
},
{
"name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96",
"refsource": "CONFIRM",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96"
},
{
"name": "ADV-2010-0909",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"name": "39293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39293"
},
{
"name": "ADV-2010-0832",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"name": "39329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39329"
},
{
"name": "39262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39262"
},
{
"name": "ADV-2010-1001",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2010-0098",
"datePublished": "2010-04-08T17:00:00",
"dateReserved": "2009-12-30T00:00:00",
"dateUpdated": "2024-08-07T00:37:54.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-04-08 17:30
Modified
2024-11-21 01:14
Severity ?
Summary
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B9F3E211-9E3F-4FDE-A777-B599EC67A1AB",
"versionEndIncluding": "0.96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "68EC0AEB-91CF-4A79-AF40-A475E896FB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "5935EDE0-9203-4150-9B7A-AB10B377F9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2680C-C187-487A-B6C4-F509E0C52436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A796E5E1-6481-49EF-8D97-9EC2A01C712B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "03FF3AE5-5BD9-43B4-9FB0-6BED8450C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4E951B4D-F244-43A4-9593-B8B975D16C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "22958219-46D6-4868-B324-BFC2F2C893F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4543DDEE-C1D1-428F-91C7-98B8985A5931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED760C-7106-49CE-B4FE-CA53A1092C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "821EF522-A058-4509-A4CB-E9B800E83EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*",
"matchCriteriaId": "CABA4177-6B24-4364-BC34-D5ED171E60FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F488ACB2-A013-4BF3-B5AC-897E40BA87F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5799FA-DD99-4A35-BC56-B2FBEB747226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F32EA99F-088E-499E-9DCE-EFA9A64D1673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B04C5B-316D-4C6A-96CF-F145F7C9E636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E66D5CDE-ED5D-41BA-A4B1-28E8559EC056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "20769174-C51F-47D5-A34F-EB772F542A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "721B8B46-DFD9-4937-96A3-8D731304415B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF18A59-FB30-45C6-B28E-4499DCD78F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "0B28E0BE-1E2D-45D2-B483-2D81326BF482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "E7029650-6DF1-4616-BE9F-DE40E9BBE3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "F47FD5DF-F22E-4B78-9B92-A9C41950F836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F9571F-9192-414F-B680-10A22C71CFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CAC876-9AAC-407C-A34E-98AA6801D25F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "470FC8FE-785A-4934-8989-D17C1796870E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "79A6C0FE-2EED-447D-9F62-12CFF1E0918A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0928E05F-92E7-4451-AC11-4E6A014E1154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E7A70A-3584-4259-80CA-03AE290ABAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24AF81C1-5B68-4D84-AFB9-C0419B7F98D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D70A0-EC82-4DC7-A66D-60D263B76E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*",
"matchCriteriaId": "28C9C5AD-97A9-42C8-917C-2787785F5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AB3389-1C30-47BB-9DAE-0F744E7F8877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4D3D3E-067B-4A37-A851-99D2A3E20FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA837A0-C8CB-486B-845E-A370E3137697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "235A144A-4AB1-4756-AFB1-58AFFE02649E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "767BBE7F-6CC4-42D4-9730-6E617D36AAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA7CD6A-133F-48E4-87BC-77CF21A25940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "F65A7930-A913-4C3D-95A3-E629D6A468C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*",
"matchCriteriaId": "05D1FAF4-B4F8-446F-88C3-01289C01DB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4DA6E00-8126-4B62-9E7F-1E3BFC827BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BB0958CD-187F-4DD0-A31B-5002861F6326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9C24942D-7AD6-4391-8F05-2827AB6A751E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "DA719FE4-04E0-4664-8EEC-70CD613408DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "C859F864-B68F-4805-B804-E50F2C3FFE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CAFEA5-C062-43EA-A302-38887DA6768C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "525DC218-308C-4A0E-96A7-DC74B8973B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A4969C16-F67D-4C30-A537-FE64F4CFC3D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B0D72B20-1F61-4499-9ADE-88AF98C3C19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "72C71B82-8F84-4855-A138-7E7436788D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "039341D8-8E2B-4901-BFA6-9CCC46A18C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "C048A75E-6587-485C-9F2B-E12BED34FF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*",
"matchCriteriaId": "97DAD83E-F14F-4B87-B5D8-7BCAD8F446BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC4D448-DDCD-4C0B-AA84-2D054FCF718C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B003639-3228-4AC1-AB46-73481BB5DDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6A495D-F9BB-41B9-A912-670D837EA278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45F5E6B4-88DD-4426-9FB6-D9009F6B8740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1EB857-D417-49EB-89FD-04733C872EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9D09D6-3EFD-45A6-88C3-199BF3EF9A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4551D5ED-6C72-4C9B-A556-491042A6113A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01859947-09D4-417E-92A4-FA4F1625C60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "797B7A3B-BAEA-4868-BC3E-CE629FE151F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30337B76-E552-431F-B49C-A418E5B851A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "53027413-3353-4051-88FA-A46859AD747A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "970D5900-7F83-4140-A3E4-FF4E710DBD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDAFCF3-811C-4365-8BBA-E0BB4F67AD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B5180162-81FA-4605-B5B6-E01B312341EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*",
"matchCriteriaId": "A9915D81-4A7C-4B22-86F7-369CF68A0F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7F2E0386-6A8E-4416-A4C6-139EB2CAD57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*",
"matchCriteriaId": "613E8544-7B2B-4FC5-AC60-190EC2D8025A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E8E7E7-E29A-4539-8D8C-45B9C39B0146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7681419E-5125-40D6-BE61-57CE9C8F3DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96A13543-D7E2-41D6-8E8E-BE150ECDAA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E891471A-A0B8-4251-A6D3-60E947A18F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1A3340E5-36AF-4BFC-B6E8-13213EA6969F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0D520BB1-7863-42B2-88D7-23C543A8F13C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E6A5E0-66E0-4EA7-9007-2389179500C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED827D10-C862-4BC7-AB33-06E040DAE161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "37A3B776-0096-41B7-8D2E-C6F0B4F37458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AAC04C-FFC7-45D8-A29C-6B258CD56489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "9A66094D-050A-405E-AB0F-239A39F64E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF14BCBC-8B3C-4F70-93E8-ADB5C992ACE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B931BDB2-DBE4-4983-ABFB-86941CDD14F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8FA4A86-C015-4F1F-B565-89410E70D053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "F874453A-7F9C-4FF2-ACBD-F691FBF3B4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0722860E-934A-49CA-BEAD-0EB05AA6E4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96F399F4-E7C0-4AD0-AA4F-C7C7FC2C466E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0BB8C6-F0A3-418F-A457-93A4CC5BB6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65766FB2-392A-4F05-9259-C7B8D6CBDDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4E74A119-A76A-47E5-AC5E-9DF700453B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3241AA52-40F4-49C0-8C04-08610B729E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C55B1-1C05-4CDB-BFDE-D174F3C0434B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59887C-77E2-4AEA-B7CD-A5A24F926D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*",
"matchCriteriaId": "609BF125-E8A9-4105-9FDE-5FFA9371736F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamavs:clamav:0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "9538B256-D757-440F-9B26-F5562312678A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamavs:clamav:0.06:*:*:*:*:*:*:*",
"matchCriteriaId": "66942C48-9D6A-4367-9808-7BE1AA1447A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "La funci\u00f3n qtm_decompress en libclamav/mspack.c en ClamAV anterior a v0.96, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo CAB manipulado que usa el formato de compresi\u00f3n Quantum (tambi\u00e9n conocido como .Q). NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."
}
],
"id": "CVE-2010-1311",
"lastModified": "2024-11-21T01:14:06.773",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-08T17:30:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39293"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39329"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39656"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4312"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1001"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-08 17:30
Modified
2024-11-21 01:11
Severity ?
Summary
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B9F3E211-9E3F-4FDE-A777-B599EC67A1AB",
"versionEndIncluding": "0.96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "68EC0AEB-91CF-4A79-AF40-A475E896FB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "5935EDE0-9203-4150-9B7A-AB10B377F9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2680C-C187-487A-B6C4-F509E0C52436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A796E5E1-6481-49EF-8D97-9EC2A01C712B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "03FF3AE5-5BD9-43B4-9FB0-6BED8450C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4E951B4D-F244-43A4-9593-B8B975D16C39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "22958219-46D6-4868-B324-BFC2F2C893F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4543DDEE-C1D1-428F-91C7-98B8985A5931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED760C-7106-49CE-B4FE-CA53A1092C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "821EF522-A058-4509-A4CB-E9B800E83EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*",
"matchCriteriaId": "CABA4177-6B24-4364-BC34-D5ED171E60FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F488ACB2-A013-4BF3-B5AC-897E40BA87F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5799FA-DD99-4A35-BC56-B2FBEB747226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F32EA99F-088E-499E-9DCE-EFA9A64D1673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B04C5B-316D-4C6A-96CF-F145F7C9E636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E66D5CDE-ED5D-41BA-A4B1-28E8559EC056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "20769174-C51F-47D5-A34F-EB772F542A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "721B8B46-DFD9-4937-96A3-8D731304415B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF18A59-FB30-45C6-B28E-4499DCD78F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "0B28E0BE-1E2D-45D2-B483-2D81326BF482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "E7029650-6DF1-4616-BE9F-DE40E9BBE3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "F47FD5DF-F22E-4B78-9B92-A9C41950F836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F9571F-9192-414F-B680-10A22C71CFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CAC876-9AAC-407C-A34E-98AA6801D25F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "470FC8FE-785A-4934-8989-D17C1796870E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "79A6C0FE-2EED-447D-9F62-12CFF1E0918A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0928E05F-92E7-4451-AC11-4E6A014E1154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E7A70A-3584-4259-80CA-03AE290ABAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24AF81C1-5B68-4D84-AFB9-C0419B7F98D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D70A0-EC82-4DC7-A66D-60D263B76E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*",
"matchCriteriaId": "28C9C5AD-97A9-42C8-917C-2787785F5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AB3389-1C30-47BB-9DAE-0F744E7F8877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4D3D3E-067B-4A37-A851-99D2A3E20FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA837A0-C8CB-486B-845E-A370E3137697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "235A144A-4AB1-4756-AFB1-58AFFE02649E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "767BBE7F-6CC4-42D4-9730-6E617D36AAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA7CD6A-133F-48E4-87BC-77CF21A25940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "F65A7930-A913-4C3D-95A3-E629D6A468C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*",
"matchCriteriaId": "05D1FAF4-B4F8-446F-88C3-01289C01DB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4DA6E00-8126-4B62-9E7F-1E3BFC827BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BB0958CD-187F-4DD0-A31B-5002861F6326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9C24942D-7AD6-4391-8F05-2827AB6A751E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "DA719FE4-04E0-4664-8EEC-70CD613408DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "C859F864-B68F-4805-B804-E50F2C3FFE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CAFEA5-C062-43EA-A302-38887DA6768C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "525DC218-308C-4A0E-96A7-DC74B8973B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A4969C16-F67D-4C30-A537-FE64F4CFC3D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B0D72B20-1F61-4499-9ADE-88AF98C3C19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "72C71B82-8F84-4855-A138-7E7436788D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "039341D8-8E2B-4901-BFA6-9CCC46A18C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "C048A75E-6587-485C-9F2B-E12BED34FF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*",
"matchCriteriaId": "97DAD83E-F14F-4B87-B5D8-7BCAD8F446BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC4D448-DDCD-4C0B-AA84-2D054FCF718C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B003639-3228-4AC1-AB46-73481BB5DDA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6A495D-F9BB-41B9-A912-670D837EA278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45F5E6B4-88DD-4426-9FB6-D9009F6B8740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "DB1EB857-D417-49EB-89FD-04733C872EE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9D09D6-3EFD-45A6-88C3-199BF3EF9A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4551D5ED-6C72-4C9B-A556-491042A6113A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01859947-09D4-417E-92A4-FA4F1625C60D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "797B7A3B-BAEA-4868-BC3E-CE629FE151F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30337B76-E552-431F-B49C-A418E5B851A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "53027413-3353-4051-88FA-A46859AD747A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "970D5900-7F83-4140-A3E4-FF4E710DBD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDAFCF3-811C-4365-8BBA-E0BB4F67AD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B5180162-81FA-4605-B5B6-E01B312341EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*",
"matchCriteriaId": "A9915D81-4A7C-4B22-86F7-369CF68A0F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*",
"matchCriteriaId": "7F2E0386-6A8E-4416-A4C6-139EB2CAD57D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*",
"matchCriteriaId": "613E8544-7B2B-4FC5-AC60-190EC2D8025A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "13E8E7E7-E29A-4539-8D8C-45B9C39B0146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7681419E-5125-40D6-BE61-57CE9C8F3DB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96A13543-D7E2-41D6-8E8E-BE150ECDAA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "E891471A-A0B8-4251-A6D3-60E947A18F70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1A3340E5-36AF-4BFC-B6E8-13213EA6969F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0D520BB1-7863-42B2-88D7-23C543A8F13C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E6A5E0-66E0-4EA7-9007-2389179500C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED827D10-C862-4BC7-AB33-06E040DAE161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "37A3B776-0096-41B7-8D2E-C6F0B4F37458",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AAC04C-FFC7-45D8-A29C-6B258CD56489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "9A66094D-050A-405E-AB0F-239A39F64E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF14BCBC-8B3C-4F70-93E8-ADB5C992ACE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B931BDB2-DBE4-4983-ABFB-86941CDD14F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C8FA4A86-C015-4F1F-B565-89410E70D053",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "F874453A-7F9C-4FF2-ACBD-F691FBF3B4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0722860E-934A-49CA-BEAD-0EB05AA6E4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96F399F4-E7C0-4AD0-AA4F-C7C7FC2C466E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "1F0BB8C6-F0A3-418F-A457-93A4CC5BB6C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*",
"matchCriteriaId": "65766FB2-392A-4F05-9259-C7B8D6CBDDDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4E74A119-A76A-47E5-AC5E-9DF700453B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3241AA52-40F4-49C0-8C04-08610B729E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3C55B1-1C05-4CDB-BFDE-D174F3C0434B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6F59887C-77E2-4AEA-B7CD-A5A24F926D09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*",
"matchCriteriaId": "609BF125-E8A9-4105-9FDE-5FFA9371736F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamavs:clamav:0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "9538B256-D757-440F-9B26-F5562312678A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamavs:clamav:0.06:*:*:*:*:*:*:*",
"matchCriteriaId": "66942C48-9D6A-4367-9808-7BE1AA1447A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities."
},
{
"lang": "es",
"value": "ClamAV anterior a v0.96 no maneja adecuadamente los formatos de archivo (1) CAB y (2) 7z, lo que permite a atacantes remotos evitar la detecci\u00f3n de virus a trav\u00e9s de un archivo manipulado que es compatible con las utilidades de archivo est\u00e1ndar."
}
],
"id": "CVE-2010-0098",
"lastModified": "2024-11-21T01:11:31.933",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-08T17:30:00.313",
"references": [
{
"source": "cret@cert.org",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"source": "cret@cert.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"source": "cret@cert.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/39293"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39329"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/39656"
},
{
"source": "cret@cert.org",
"url": "http://support.apple.com/kb/HT4312"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"source": "cret@cert.org",
"url": "http://www.openwall.com/lists/oss-security/2010/04/06/4"
},
{
"source": "cret@cert.org",
"url": "http://www.openwall.com/lists/oss-security/2010/04/08/3"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"source": "cret@cert.org",
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/1001"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"source": "cret@cert.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4312"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:082"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/04/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/04/08/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/39262"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-926-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}