National Cyber Awareness System

Vulnerability Summary for CVE-2011-2721

Overview

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

Type: Patch Information

Hyperlink:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=725694

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=725694

External Source: CONFIRM

Name: https://bugzilla.novell.com/show_bug.cgi?id=708263

Type: Patch Information

Hyperlink:https://bugzilla.novell.com/show_bug.cgi?id=708263

External Source: MLIST

Name: [oss-security] 20110726 CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes

Type: Patch Information

Hyperlink:http://www.openwall.com/lists/oss-security/2011/07/26/3

External Source: MLIST

Name: [oss-security] 20110726 Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes

Type: Patch Information

Hyperlink:http://www.openwall.com/lists/oss-security/2011/07/26/13

External Source: CONFIRM

Name: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5

Type: Patch Information

Hyperlink:http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5

External Source: XF

Name: clamav-scan-dos(68785)

Hyperlink:http://xforce.iss.net/xforce/xfdb/68785

External Source: UBUNTU

Name: USN-1179-1

Hyperlink:http://www.ubuntu.com/usn/USN-1179-1

External Source: BID

Name: 48891

Hyperlink:http://www.securityfocus.com/bid/48891

External Source: OSVDB

Name: 74181

Hyperlink:http://www.osvdb.org/74181

External Source: MANDRIVA

Name: MDVSA-2011:122

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2011:122

External Source: SECTRACK

Name: 1025858

Hyperlink:http://securitytracker.com/id?1025858

External Source: SECUNIA

Name: 46717

Hyperlink:http://secunia.com/advisories/46717

External Source: SECUNIA

Name: 45382

Type: Advisory

Hyperlink:http://secunia.com/advisories/45382

External Source: FEDORA

Name: FEDORA-2011-15033

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html

External Source: FEDORA

Name: FEDORA-2011-15119

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html

External Source: FEDORA

Name: FEDORA-2011-15076

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html

External Source: CONFIRM

Name: http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2

Hyperlink:http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2