Lucene search

[email protected]CVE-2009-1270

HistoryApr 08, 2009 - 4:30 p.m.

CVE-2009-1270

2009-04-0816:30:00

CWE-835

[email protected]

web.nvd.nist.gov

cve

2009

1270

clamav

denial of service

tar

remote attackers

vulnerability

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7 High

AI Score

Confidence

High

0.108 Low

EPSS

Percentile

95.1%

JSON

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

Affected configurations

NVD

Node

clamavclamavRange<0.95

Node

debiandebian_linuxMatch4.0

debiandebian_linuxMatch5.0

Node

canonicalubuntu_linuxMatch8.10

CPENameOperatorVersion
clamav:clamavclamavlt0.95

CPE	Name	Operator	Version
clamav:clamav	clamav	lt	0.95

References

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

osvdb.org/53461

secunia.com/advisories/34716

secunia.com/advisories/36701

support.apple.com/kb/HT3865

www.debian.org/security/2009/dsa-1771

www.mandriva.com/security/advisories?name=MDVSA-2009:097

www.openwall.com/lists/oss-security/2009/04/07/6

www.securityfocus.com/bid/34357

www.ubuntu.com/usn/usn-754-1

www.vupen.com/english/advisories/2009/0934

exchange.xforce.ibmcloud.com/vulnerabilities/49846

wwws.clamav.net/bugzilla/show_bug.cgi?id=1462

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7 High

AI Score

Confidence

High

0.108 Low

EPSS

Percentile

95.1%

JSON

Related for CVE-2009-1270

ubuntucve1 nvd1 prion1 debiancve1 cvelist1 redhatcve3 nessus7 debian3 openvas16 ubuntu1 osv1 gentoo1 altlinux3