CVE-2006-1989
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.068 Low
EPSS
Percentile
93.9%
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| clam_anti-virus:clamav | clam anti-virus clamav | eq | 0.88 |
| clam_anti-virus:clamav | clam anti-virus clamav | eq | 0.88.1 |
References
kolab.org/security/kolab-vendor-notice-09.txt
lists.apple.com/archives/security-announce/2006/Jun/msg00000.html
lists.suse.com/archive/suse-security-announce/2006-May/0004.html
secunia.com/advisories/19874
secunia.com/advisories/19880
secunia.com/advisories/19912
secunia.com/advisories/19963
secunia.com/advisories/19964
secunia.com/advisories/20117
secunia.com/advisories/20159
secunia.com/advisories/20877
securitytracker.com/id?1016392
www.clamav.net/security/0.88.2.html
www.debian.org/security/2006/dsa-1050
www.gentoo.org/security/en/glsa/glsa-200605-03.xml
www.kb.cert.org/vuls/id/599220
www.mandriva.com/security/advisories?name=MDKSA-2006:080
www.novell.com/linux/security/advisories/2006_05_05.html
www.osvdb.org/25120
www.securityfocus.com/bid/17754
www.trustix.org/errata/2006/0024
www.vupen.com/english/advisories/2006/1586
www.vupen.com/english/advisories/2006/2566
exchange.xforce.ibmcloud.com/vulnerabilities/26182
Related
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.5 High
AI Score
Confidence
Low
0.068 Low
EPSS
Percentile
93.9%