CVE-2011-2721

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
http://secunia.com/advisories/45382	Vendor Advisory
http://secunia.com/advisories/46717
http://securitytracker.com/id?1025858
http://www.mandriva.com/security/advisories?name=MDVSA-2011:122
http://www.openwall.com/lists/oss-security/2011/07/26/13	Patch
http://www.openwall.com/lists/oss-security/2011/07/26/3	Patch
http://www.osvdb.org/74181
http://www.securityfocus.com/bid/48891
http://www.ubuntu.com/usn/USN-1179-1
https://bugzilla.novell.com/show_bug.cgi?id=708263	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=725694	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68785
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818	Patch
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
http://secunia.com/advisories/45382	Vendor Advisory
http://secunia.com/advisories/46717
http://securitytracker.com/id?1025858
http://www.mandriva.com/security/advisories?name=MDVSA-2011:122
http://www.openwall.com/lists/oss-security/2011/07/26/13	Patch
http://www.openwall.com/lists/oss-security/2011/07/26/3	Patch
http://www.osvdb.org/74181
http://www.securityfocus.com/bid/48891
http://www.ubuntu.com/usn/USN-1179-1
https://bugzilla.novell.com/show_bug.cgi?id=708263	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=725694	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68785
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:clamav:clamav::::::::
	cpe:2.3:a:clamav:clamav:0.01:::::::*
	cpe:2.3:a:clamav:clamav:0.02:::::::*
	cpe:2.3:a:clamav:clamav:0.3:::::::*
	cpe:2.3:a:clamav:clamav:0.03:::::::*
	cpe:2.3:a:clamav:clamav:0.05:::::::*
	cpe:2.3:a:clamav:clamav:0.8:rc3::::::
	cpe:2.3:a:clamav:clamav:0.9:rc1::::::
	cpe:2.3:a:clamav:clamav:0.10:::::::*
	cpe:2.3:a:clamav:clamav:0.12:::::::*
	cpe:2.3:a:clamav:clamav:0.13:::::::*
	cpe:2.3:a:clamav:clamav:0.14:::::::*
	cpe:2.3:a:clamav:clamav:0.14:pre::::::
	cpe:2.3:a:clamav:clamav:0.15:::::::*
	cpe:2.3:a:clamav:clamav:0.20:::::::*
	cpe:2.3:a:clamav:clamav:0.21:::::::*
	cpe:2.3:a:clamav:clamav:0.22:::::::*
	cpe:2.3:a:clamav:clamav:0.23:::::::*
	cpe:2.3:a:clamav:clamav:0.24:::::::*
	cpe:2.3:a:clamav:clamav:0.51:::::::*
	cpe:2.3:a:clamav:clamav:0.52:::::::*
	cpe:2.3:a:clamav:clamav:0.53:::::::*
	cpe:2.3:a:clamav:clamav:0.54:::::::*
	cpe:2.3:a:clamav:clamav:0.60:::::::*
	cpe:2.3:a:clamav:clamav:0.60p:::::::*
	cpe:2.3:a:clamav:clamav:0.65:::::::*
	cpe:2.3:a:clamav:clamav:0.66:::::::*
	cpe:2.3:a:clamav:clamav:0.67:::::::*
	cpe:2.3:a:clamav:clamav:0.67-1:::::::*
	cpe:2.3:a:clamav:clamav:0.68:::::::*
	cpe:2.3:a:clamav:clamav:0.68.1:::::::*
	cpe:2.3:a:clamav:clamav:0.70:::::::*
	cpe:2.3:a:clamav:clamav:0.70:rc::::::
	cpe:2.3:a:clamav:clamav:0.71:::::::*
	cpe:2.3:a:clamav:clamav:0.72:::::::*
	cpe:2.3:a:clamav:clamav:0.73:::::::*
	cpe:2.3:a:clamav:clamav:0.74:::::::*
	cpe:2.3:a:clamav:clamav:0.75:::::::*
	cpe:2.3:a:clamav:clamav:0.75.1:::::::*
	cpe:2.3:a:clamav:clamav:0.80:::::::*
	cpe:2.3:a:clamav:clamav:0.80:rc::::::
	cpe:2.3:a:clamav:clamav:0.80:rc1::::::
	cpe:2.3:a:clamav:clamav:0.80:rc2::::::
	cpe:2.3:a:clamav:clamav:0.80:rc3::::::
	cpe:2.3:a:clamav:clamav:0.80:rc4::::::
	cpe:2.3:a:clamav:clamav:0.80_rc:::::::*
	cpe:2.3:a:clamav:clamav:0.81:::::::*
	cpe:2.3:a:clamav:clamav:0.81:rc1::::::
	cpe:2.3:a:clamav:clamav:0.82:::::::*
	cpe:2.3:a:clamav:clamav:0.83:::::::*
	cpe:2.3:a:clamav:clamav:0.84:::::::*
	cpe:2.3:a:clamav:clamav:0.84:rc1::::::
	cpe:2.3:a:clamav:clamav:0.84:rc2::::::
	cpe:2.3:a:clamav:clamav:0.85:::::::*
	cpe:2.3:a:clamav:clamav:0.85.1:::::::*
	cpe:2.3:a:clamav:clamav:0.86:::::::*
	cpe:2.3:a:clamav:clamav:0.86:rc1::::::
	cpe:2.3:a:clamav:clamav:0.86.1:::::::*
	cpe:2.3:a:clamav:clamav:0.86.2:::::::*
	cpe:2.3:a:clamav:clamav:0.87:::::::*
	cpe:2.3:a:clamav:clamav:0.87.1:::::::*
	cpe:2.3:a:clamav:clamav:0.88:::::::*
	cpe:2.3:a:clamav:clamav:0.88.1:::::::*
	cpe:2.3:a:clamav:clamav:0.88.2:::::::*
cpe:2.3:a:clamav:clamav:0.88.3:::::::*
cpe:2.3:a:clamav:clamav:0.88.4:::::::*
cpe:2.3:a:clamav:clamav:0.88.5:::::::*
cpe:2.3:a:clamav:clamav:0.88.6:::::::*
cpe:2.3:a:clamav:clamav:0.88.7:::::::*
cpe:2.3:a:clamav:clamav:0.88.7_p0:::::::*
cpe:2.3:a:clamav:clamav:0.88.7_p1:::::::*
cpe:2.3:a:clamav:clamav:0.90:::::::*
cpe:2.3:a:clamav:clamav:0.90:rc1::::::
cpe:2.3:a:clamav:clamav:0.90:rc1.1::::::
cpe:2.3:a:clamav:clamav:0.90:rc2::::::
cpe:2.3:a:clamav:clamav:0.90:rc3::::::
cpe:2.3:a:clamav:clamav:0.90.1:::::::*
cpe:2.3:a:clamav:clamav:0.90.1_p0:::::::*
cpe:2.3:a:clamav:clamav:0.90.2:::::::*
cpe:2.3:a:clamav:clamav:0.90.2_p0:::::::*
cpe:2.3:a:clamav:clamav:0.90.3:::::::*
cpe:2.3:a:clamav:clamav:0.90.3_p0:::::::*
cpe:2.3:a:clamav:clamav:0.90.3_p1:::::::*
cpe:2.3:a:clamav:clamav:0.91:::::::*
cpe:2.3:a:clamav:clamav:0.91:rc1::::::
cpe:2.3:a:clamav:clamav:0.91:rc2::::::
cpe:2.3:a:clamav:clamav:0.91.1:::::::*
cpe:2.3:a:clamav:clamav:0.91.2:::::::*
cpe:2.3:a:clamav:clamav:0.91.2_p0:::::::*
cpe:2.3:a:clamav:clamav:0.92:::::::*
cpe:2.3:a:clamav:clamav:0.92.1:::::::*
cpe:2.3:a:clamav:clamav:0.92_p0:::::::*
cpe:2.3:a:clamav:clamav:0.93:::::::*
cpe:2.3:a:clamav:clamav:0.93.1:::::::*
cpe:2.3:a:clamav:clamav:0.93.2:::::::*
cpe:2.3:a:clamav:clamav:0.93.3:::::::*
cpe:2.3:a:clamav:clamav:0.94:::::::*
cpe:2.3:a:clamav:clamav:0.94.1:::::::*
cpe:2.3:a:clamav:clamav:0.94.2:::::::*
cpe:2.3:a:clamav:clamav:0.95:::::::*
cpe:2.3:a:clamav:clamav:0.95:rc1::::::
cpe:2.3:a:clamav:clamav:0.95:rc2::::::
cpe:2.3:a:clamav:clamav:0.95:src1::::::
cpe:2.3:a:clamav:clamav:0.95:src2::::::
cpe:2.3:a:clamav:clamav:0.95.1:::::::*
cpe:2.3:a:clamav:clamav:0.95.2:::::::*
cpe:2.3:a:clamav:clamav:0.95.3:::::::*
cpe:2.3:a:clamav:clamav:0.96:::::::*
cpe:2.3:a:clamav:clamav:0.96:rc1::::::
cpe:2.3:a:clamav:clamav:0.96:rc2::::::
cpe:2.3:a:clamav:clamav:0.96.1:::::::*
cpe:2.3:a:clamav:clamav:0.96.2:::::::*
cpe:2.3:a:clamav:clamav:0.96.3:::::::*
cpe:2.3:a:clamav:clamav:0.96.4:::::::*
cpe:2.3:a:clamav:clamav:0.96.5:::::::*
cpe:2.3:a:clamav:clamav:0.97:::::::*
cpe:2.3:a:clamav:clamav:0.97:rc::::::

History

21 Nov 2024, 01:28

Information

Published : 2011-08-05 21:55

Updated : 2024-11-21 01:28

NVD link : CVE-2011-2721

Mitre link : CVE-2011-2721

CVE.ORG link : CVE-2011-2721

JSON object : View

Products Affected

clamav

clamav

CWE

CWE-189

Numeric Errors

5.0 /10