- Description
- The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:N/I:N/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850"
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8"
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75"
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D"
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905"
}
],
"operator": "OR"
}
]
}
]