Lucene search

[email protected]CVE-2008-1100

HistoryApr 14, 2008 - 4:05 p.m.

CVE-2008-1100

2008-04-1416:05:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1100

buffer overflow

libclamav

remote code execution

upack pe file

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.46 Medium

EPSS

Percentile

97.4%

JSON

Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.

Affected configurations

NVD

Node

clam_anti-virusclamavMatch0.92

clam_anti-virusclamavMatch0.92.1

CPENameOperatorVersion
clam_anti-virus:clamavclam anti-virus clamaveq0.92
clam_anti-virus:clamavclam anti-virus clamaveq0.92.1

CPE	Name	Operator	Version
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.92
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.92.1

References

kolab.org/security/kolab-vendor-notice-20.txt

lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html

lists.opensuse.org/opensuse-updates/2015-05/msg00024.html

secunia.com/advisories/29000

secunia.com/advisories/29863

secunia.com/advisories/29886

secunia.com/advisories/29891

secunia.com/advisories/29975

secunia.com/advisories/30253

secunia.com/advisories/30328

secunia.com/advisories/31882

secunia.com/secunia_research/2008-11/advisory/

security.gentoo.org/glsa/glsa-200805-19.xml

www.debian.org/security/2008/dsa-1549

www.kb.cert.org/vuls/id/858595

www.mandriva.com/security/advisories?name=MDVSA-2008:088

www.securityfocus.com/bid/28756

www.securityfocus.com/bid/28784

www.securitytracker.com/id?1019837

www.us-cert.gov/cas/techalerts/TA08-260A.html

www.vupen.com/english/advisories/2008/1218/references

www.vupen.com/english/advisories/2008/2584

exchange.xforce.ibmcloud.com/vulnerabilities/41789

www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html

www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html

www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html

wwws.clamav.net/bugzilla/show_bug.cgi?id=878

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.46 Medium

EPSS

Percentile

97.4%

JSON

Related for CVE-2008-1100

nvd1 prion1 seebug1 ubuntucve1 debiancve1 cvelist1 nessus11 altlinux3 openvas25 cert1 debian1 freebsd1 osv1 fedora5 gentoo1 suse1