5

CVE-2011-2721

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ClamavClamav Version <= 0.97.1
ClamavClamav Version0.01
ClamavClamav Version0.02
ClamavClamav Version0.3
ClamavClamav Version0.03
ClamavClamav Version0.05
ClamavClamav Version0.8 Updaterc3
ClamavClamav Version0.9 Updaterc1
ClamavClamav Version0.10
ClamavClamav Version0.12
ClamavClamav Version0.13
ClamavClamav Version0.14
ClamavClamav Version0.14 Updatepre
ClamavClamav Version0.15
ClamavClamav Version0.20
ClamavClamav Version0.21
ClamavClamav Version0.22
ClamavClamav Version0.23
ClamavClamav Version0.24
ClamavClamav Version0.51
ClamavClamav Version0.52
ClamavClamav Version0.53
ClamavClamav Version0.54
ClamavClamav Version0.60
ClamavClamav Version0.60p
ClamavClamav Version0.65
ClamavClamav Version0.66
ClamavClamav Version0.67
ClamavClamav Version0.67-1
ClamavClamav Version0.68
ClamavClamav Version0.68.1
ClamavClamav Version0.70
ClamavClamav Version0.70 Updaterc
ClamavClamav Version0.71
ClamavClamav Version0.72
ClamavClamav Version0.73
ClamavClamav Version0.74
ClamavClamav Version0.75
ClamavClamav Version0.75.1
ClamavClamav Version0.80
ClamavClamav Version0.80 Updaterc
ClamavClamav Version0.80 Updaterc1
ClamavClamav Version0.80 Updaterc2
ClamavClamav Version0.80 Updaterc3
ClamavClamav Version0.80 Updaterc4
ClamavClamav Version0.80_rc
ClamavClamav Version0.81
ClamavClamav Version0.81 Updaterc1
ClamavClamav Version0.82
ClamavClamav Version0.83
ClamavClamav Version0.84
ClamavClamav Version0.84 Updaterc1
ClamavClamav Version0.84 Updaterc2
ClamavClamav Version0.85
ClamavClamav Version0.85.1
ClamavClamav Version0.86
ClamavClamav Version0.86 Updaterc1
ClamavClamav Version0.86.1
ClamavClamav Version0.86.2
ClamavClamav Version0.87
ClamavClamav Version0.87.1
ClamavClamav Version0.88
ClamavClamav Version0.88.1
ClamavClamav Version0.88.2
ClamavClamav Version0.88.3
ClamavClamav Version0.88.4
ClamavClamav Version0.88.5
ClamavClamav Version0.88.6
ClamavClamav Version0.88.7
ClamavClamav Version0.88.7_p0
ClamavClamav Version0.88.7_p1
ClamavClamav Version0.90
ClamavClamav Version0.90 Updaterc1
ClamavClamav Version0.90 Updaterc1.1
ClamavClamav Version0.90 Updaterc2
ClamavClamav Version0.90 Updaterc3
ClamavClamav Version0.90.1
ClamavClamav Version0.90.1_p0
ClamavClamav Version0.90.2
ClamavClamav Version0.90.2_p0
ClamavClamav Version0.90.3
ClamavClamav Version0.90.3_p0
ClamavClamav Version0.90.3_p1
ClamavClamav Version0.91
ClamavClamav Version0.91 Updaterc1
ClamavClamav Version0.91 Updaterc2
ClamavClamav Version0.91.1
ClamavClamav Version0.91.2
ClamavClamav Version0.91.2_p0
ClamavClamav Version0.92
ClamavClamav Version0.92.1
ClamavClamav Version0.92_p0
ClamavClamav Version0.93
ClamavClamav Version0.93.1
ClamavClamav Version0.93.2
ClamavClamav Version0.93.3
ClamavClamav Version0.94
ClamavClamav Version0.94.1
ClamavClamav Version0.94.2
ClamavClamav Version0.95
ClamavClamav Version0.95 Updaterc1
ClamavClamav Version0.95 Updaterc2
ClamavClamav Version0.95 Updatesrc1
ClamavClamav Version0.95 Updatesrc2
ClamavClamav Version0.95.1
ClamavClamav Version0.95.2
ClamavClamav Version0.95.3
ClamavClamav Version0.96
ClamavClamav Version0.96 Updaterc1
ClamavClamav Version0.96 Updaterc2
ClamavClamav Version0.96.1
ClamavClamav Version0.96.2
ClamavClamav Version0.96.3
ClamavClamav Version0.96.4
ClamavClamav Version0.96.5
ClamavClamav Version0.97
ClamavClamav Version0.97 Updaterc
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.38% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.97.2
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commit%3Bh=4842733eb3f09be61caeed83778bb6679141dbc5
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
http://secunia.com/advisories/45382
Vendor Advisory
http://secunia.com/advisories/46717
http://securitytracker.com/id?1025858
http://www.mandriva.com/security/advisories?name=MDVSA-2011:122
http://www.openwall.com/lists/oss-security/2011/07/26/13
Patch
http://www.openwall.com/lists/oss-security/2011/07/26/3
Patch
http://www.osvdb.org/74181
http://www.securityfocus.com/bid/48891
http://www.ubuntu.com/usn/USN-1179-1
https://bugzilla.novell.com/show_bug.cgi?id=708263
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=725694
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68785
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
Patch