National Vulnerability Database (NVD) National Vulnerability Database (CVE-2008-2713)

National Cyber Awareness System

Vulnerability Summary for CVE-2008-2713

Original release date:06/16/2008

Last revised:11/27/2012

Source: US-CERT/NIST

Overview

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type:Allows disruption of serviceUnknown

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA08-260A

Name: TA08-260A

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA08-260A.html

External Source: CONFIRM

Name: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000

Hyperlink:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000

External Source: FEDORA

Name: FEDORA-2008-5476

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html

External Source: FEDORA

Name: FEDORA-2008-6422

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html

External Source: XF

Name: clamav-petite-dos(43133)

Hyperlink:http://xforce.iss.net/xforce/xfdb/43133

External Source: VUPEN

Name: ADV-2008-2584

Hyperlink:http://www.vupen.com/english/advisories/2008/2584

External Source: VUPEN

Name: ADV-2008-1855

Hyperlink:http://www.vupen.com/english/advisories/2008/1855/references

External Source: SECTRACK

Name: 1020305

Hyperlink:http://www.securitytracker.com/id?1020305

External Source: BID

Name: 29750

Hyperlink:http://www.securityfocus.com/bid/29750

External Source: MLIST

Name: [oss-security] 20080617 Re: CVE id request: Clamav

Hyperlink:http://www.openwall.com/lists/oss-security/2008/06/17/8

External Source: MLIST

Name: [oss-security] 20080615 CVE id request: Clamav

Hyperlink:http://www.openwall.com/lists/oss-security/2008/06/15/2

External Source: MANDRIVA

Name: MDVSA-2008:122

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:122

External Source: DEBIAN

Name: DSA-1616

Hyperlink:http://www.debian.org/security/2008/dsa-1616

External Source: CONFIRM

Name: http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html

Hyperlink:http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html

External Source: CONFIRM

Name: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886

Hyperlink:http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886

External Source: CONFIRM

Name: http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638

Hyperlink:http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638

External Source: GENTOO

Name: GLSA-200808-07

Hyperlink:http://security.gentoo.org/glsa/glsa-200808-07.xml

External Source: SECUNIA

Name: 31882

Hyperlink:http://secunia.com/advisories/31882

External Source: SECUNIA

Name: 31576

Hyperlink:http://secunia.com/advisories/31576

External Source: SECUNIA

Name: 31437

Hyperlink:http://secunia.com/advisories/31437

External Source: SECUNIA

Name: 31206

Hyperlink:http://secunia.com/advisories/31206

External Source: SECUNIA

Name: 31167

Hyperlink:http://secunia.com/advisories/31167

External Source: SECUNIA

Name: 31091

Hyperlink:http://secunia.com/advisories/31091

External Source: SECUNIA

Name: 30967

Hyperlink:http://secunia.com/advisories/30967

External Source: SECUNIA

Name: 30829

Hyperlink:http://secunia.com/advisories/30829

External Source: SECUNIA

Name: 30785

Hyperlink:http://secunia.com/advisories/30785

External Source: SECUNIA

Name: 30657

Hyperlink:http://secunia.com/advisories/30657

External Source: SUSE

Name: SUSE-SR:2008:015

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html

External Source: SUSE

Name: SUSE-SR:2008:014

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html

External Source: APPLE

Name: APPLE-SA-2008-09-15

Hyperlink:http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

External Source: CONFIRM

Name: http://kolab.org/security/kolab-vendor-notice-21.txt

Hyperlink:http://kolab.org/security/kolab-vendor-notice-21.txt

Vulnerable software and versions

Configuration 1

* cpe:/a:clam_anti-virus:clamav:0.15

* cpe:/a:clam_anti-virus:clamav:0.20

* cpe:/a:clam_anti-virus:clamav:0.21

* cpe:/a:clam_anti-virus:clamav:0.22

* cpe:/a:clam_anti-virus:clamav:0.23

* cpe:/a:clam_anti-virus:clamav:0.24

* cpe:/a:clam_anti-virus:clamav:0.51

* cpe:/a:clam_anti-virus:clamav:0.52

* cpe:/a:clam_anti-virus:clamav:0.53

* cpe:/a:clam_anti-virus:clamav:0.54

* cpe:/a:clam_anti-virus:clamav:0.60

* cpe:/a:clam_anti-virus:clamav:0.60p

* cpe:/a:clam_anti-virus:clamav:0.65

* cpe:/a:clam_anti-virus:clamav:0.67

* cpe:/a:clam_anti-virus:clamav:0.68

* cpe:/a:clam_anti-virus:clamav:0.68.1

* cpe:/a:clam_anti-virus:clamav:0.70

* cpe:/a:clam_anti-virus:clamav:0.71

* cpe:/a:clam_anti-virus:clamav:0.72

* cpe:/a:clam_anti-virus:clamav:0.73

* cpe:/a:clam_anti-virus:clamav:0.74

* cpe:/a:clam_anti-virus:clamav:0.75

* cpe:/a:clam_anti-virus:clamav:0.75.1

* cpe:/a:clam_anti-virus:clamav:0.80

* cpe:/a:clam_anti-virus:clamav:0.80_rc1

* cpe:/a:clam_anti-virus:clamav:0.80_rc2

* cpe:/a:clam_anti-virus:clamav:0.80_rc3

* cpe:/a:clam_anti-virus:clamav:0.80_rc4

* cpe:/a:clam_anti-virus:clamav:0.81

* cpe:/a:clam_anti-virus:clamav:0.81_rc1

* cpe:/a:clam_anti-virus:clamav:0.82

* cpe:/a:clam_anti-virus:clamav:0.83

* cpe:/a:clam_anti-virus:clamav:0.84

* cpe:/a:clam_anti-virus:clamav:0.84_rc1

* cpe:/a:clam_anti-virus:clamav:0.84_rc2

* cpe:/a:clam_anti-virus:clamav:0.85

* cpe:/a:clam_anti-virus:clamav:0.85.1

* cpe:/a:clam_anti-virus:clamav:0.86

* cpe:/a:clam_anti-virus:clamav:0.86.1

* cpe:/a:clam_anti-virus:clamav:0.86.2

* cpe:/a:clam_anti-virus:clamav:0.86_rc1

* cpe:/a:clam_anti-virus:clamav:0.87

* cpe:/a:clam_anti-virus:clamav:0.87.1

* cpe:/a:clam_anti-virus:clamav:0.88

* cpe:/a:clam_anti-virus:clamav:0.88.1

* cpe:/a:clam_anti-virus:clamav:0.88.3

* cpe:/a:clam_anti-virus:clamav:0.88.4

* cpe:/a:clam_anti-virus:clamav:0.88.5

* cpe:/a:clam_anti-virus:clamav:0.88.6

* cpe:/a:clam_anti-virus:clamav:0.88.7

* cpe:/a:clam_anti-virus:clamav:0.90

* cpe:/a:clam_anti-virus:clamav:0.90.1

* cpe:/a:clam_anti-virus:clamav:0.90.2

* cpe:/a:clam_anti-virus:clamav:0.90_rc1.1

* cpe:/a:clam_anti-virus:clamav:0.90_rc2

* cpe:/a:clam_anti-virus:clamav:0.90_rc3

* cpe:/a:clam_anti-virus:clamav:0.90rc1

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

Resource Management Errors (CWE-399)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713