Lucene search

RedhatCVE-2013-6497

HistoryDec 01, 2014 - 3:59 p.m.

CVE-2013-6497

2014-12-0115:59:00

CWE-17

redhat

web.nvd.nist.gov

cve

clamav

denial of service

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.118

Percentile

95.4%

JSON

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

Affected configurations

Nvd

Node

clamavclamavRange≤0.98.4

VendorProductVersionCPE
clamavclamav*cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
clamav	clamav	*	cpe:2.3:a:clamav:clamav::::::::

References

blog.clamav.net/2014/11/clamav-0985-has-been-released.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/144754.html

lists.fedoraproject.org/pipermail/package-announce/2014-November/144979.html

lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html

lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html

lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html

secunia.com/advisories/59645

secunia.com/advisories/60150

www.mandriva.com/security/advisories?name=MDVSA-2014:217

www.openwall.com/lists/oss-security/2014/11/19/2

www.openwall.com/lists/oss-security/2014/11/19/5

www.securityfocus.com/bid/71178

www.ubuntu.com/usn/USN-2423-1

www.ubuntu.com/usn/USN-2488-2

bugzilla.clamav.net/show_bug.cgi?id=11088

bugzilla.redhat.com/show_bug.cgi?id=1138101

exchange.xforce.ibmcloud.com/vulnerabilities/98804

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.2

Confidence

Low

EPSS

0.118

Percentile

95.4%

JSON

Related for CVE-2013-6497