5.1

CVE-2006-1989

Exploit
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Clam Anti-virusClamav Version0.88
Clam Anti-virusClamav Version0.88.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.81% 0.922
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
http://secunia.com/advisories/20117
http://secunia.com/advisories/19964
http://www.novell.com/linux/security/advisories/2006_05_05.html
http://www.trustix.org/errata/2006/0024
http://kolab.org/security/kolab-vendor-notice-09.txt
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html
http://secunia.com/advisories/19874
http://secunia.com/advisories/19880
Patch
Vendor Advisory
Exploit
http://secunia.com/advisories/19912
http://secunia.com/advisories/19963
http://secunia.com/advisories/20159
http://secunia.com/advisories/20877
http://securitytracker.com/id?1016392
http://www.clamav.net/security/0.88.2.html
Vendor Advisory
Exploit
http://www.debian.org/security/2006/dsa-1050
http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml
http://www.kb.cert.org/vuls/id/599220
US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2006:080
http://www.osvdb.org/25120
http://www.securityfocus.com/bid/17754
Patch
http://www.vupen.com/english/advisories/2006/1586
http://www.vupen.com/english/advisories/2006/2566
https://exchange.xforce.ibmcloud.com/vulnerabilities/26182