Lucene search

[email protected]CVE-2008-1835

HistoryApr 16, 2008 - 4:05 p.m.

CVE-2008-1835

2008-04-1616:05:00

CWE-20

[email protected]

web.nvd.nist.gov

clamav

bypass

scanning engine

rar file

cve-2008-1835

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.2%

JSON

ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.

Affected configurations

NVD

Node

clam_anti-virusclamavRange≤0.92.1

clam_anti-virusclamavMatch0.15

clam_anti-virusclamavMatch0.20

clam_anti-virusclamavMatch0.21

clam_anti-virusclamavMatch0.22

clam_anti-virusclamavMatch0.23

clam_anti-virusclamavMatch0.24

clam_anti-virusclamavMatch0.51

clam_anti-virusclamavMatch0.52

clam_anti-virusclamavMatch0.53

clam_anti-virusclamavMatch0.54

clam_anti-virusclamavMatch0.60

clam_anti-virusclamavMatch0.60p

clam_anti-virusclamavMatch0.65

clam_anti-virusclamavMatch0.67

clam_anti-virusclamavMatch0.68

clam_anti-virusclamavMatch0.68.1

clam_anti-virusclamavMatch0.70

clam_anti-virusclamavMatch0.71

clam_anti-virusclamavMatch0.72

clam_anti-virusclamavMatch0.73

clam_anti-virusclamavMatch0.74

clam_anti-virusclamavMatch0.75

clam_anti-virusclamavMatch0.75.1

clam_anti-virusclamavMatch0.80

clam_anti-virusclamavMatch0.80_rc1

clam_anti-virusclamavMatch0.80_rc2

clam_anti-virusclamavMatch0.80_rc3

clam_anti-virusclamavMatch0.80_rc4

clam_anti-virusclamavMatch0.81

clam_anti-virusclamavMatch0.81_rc1

clam_anti-virusclamavMatch0.82

clam_anti-virusclamavMatch0.83

clam_anti-virusclamavMatch0.84

clam_anti-virusclamavMatch0.84_rc1

clam_anti-virusclamavMatch0.84_rc2

clam_anti-virusclamavMatch0.85

clam_anti-virusclamavMatch0.85.1

clam_anti-virusclamavMatch0.86

clam_anti-virusclamavMatch0.86.1

clam_anti-virusclamavMatch0.86.2

clam_anti-virusclamavMatch0.86_rc1

clam_anti-virusclamavMatch0.87

clam_anti-virusclamavMatch0.87.1

clam_anti-virusclamavMatch0.88

clam_anti-virusclamavMatch0.88.1

clam_anti-virusclamavMatch0.88.3

clam_anti-virusclamavMatch0.88.4

clam_anti-virusclamavMatch0.88.5

clam_anti-virusclamavMatch0.88.6

clam_anti-virusclamavMatch0.88.7

clam_anti-virusclamavMatch0.90

clam_anti-virusclamavMatch0.90.1

clam_anti-virusclamavMatch0.90.2

clam_anti-virusclamavMatch0.90_rc1.1

clam_anti-virusclamavMatch0.90_rc2

clam_anti-virusclamavMatch0.90_rc3

clam_anti-virusclamavMatch0.90rc1

clam_anti-virusclamavMatch0.91

clam_anti-virusclamavMatch0.91.1

clam_anti-virusclamavMatch0.91.2

clam_anti-virusclamavMatch0.91rc1

clam_anti-virusclamavMatch0.91rc2

clam_anti-virusclamavMatch0.92

CPENameOperatorVersion
clam_anti-virus:clamavclam anti-virus clamavle0.92.1
clam_anti-virus:clamavclam anti-virus clamaveq0.15
clam_anti-virus:clamavclam anti-virus clamaveq0.20
clam_anti-virus:clamavclam anti-virus clamaveq0.21
clam_anti-virus:clamavclam anti-virus clamaveq0.22
clam_anti-virus:clamavclam anti-virus clamaveq0.23
clam_anti-virus:clamavclam anti-virus clamaveq0.24
clam_anti-virus:clamavclam anti-virus clamaveq0.51
clam_anti-virus:clamavclam anti-virus clamaveq0.52
clam_anti-virus:clamavclam anti-virus clamaveq0.53

CPE	Name	Operator	Version
clam_anti-virus:clamav	clam anti-virus clamav	le	0.92.1
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.15
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.20
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.21
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.22
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.23
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.24
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.51
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.52
clam_anti-virus:clamav	clam anti-virus clamav	eq	0.53