CVE-2005-3501

Severity

43%

Complexity

86%

Confidentiality

48%

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

First reported 19 years ago

2005-11-05 11:02:00

Last updated 13 years ago

2011-07-14 04:00:00

Affected Software

ClamAV 0.01

0.01

ClamAV 0.02

0.02

ClamAV 0.03

0.03

ClamAV ClamAV 0.3

0.3

ClamAV 0.05

0.05

ClamAV 0.80 Release Candidate 3

0.8

ClamAV 0.10

0.10

ClamAV 0.12

0.12

ClamAV 0.13

0.13

ClamAV 0.14

0.14

ClamAV 0.14 pre

0.14

ClamAV 0.15

0.15

ClamAV 0.20

0.20

ClamAV 0.21

0.21

ClamAV 0.22

0.22

ClamAV 0.23

0.23

ClamAV 0.24

0.24

ClamAV ClamAV 0.51

0.51

ClamAV 0.52

0.52

ClamAV 0.53

0.53

ClamAV ClamAV 0.54

0.54

ClamAV 0.60

0.60

ClamAV 0.60p

0.60p

ClamAV 0.65

0.65

ClamAV ClamAV 0.66

0.66

ClamAV 0.67

0.67

ClamAV ClamAV 0.67-1

0.67-1

ClamAV 0.68

0.68

ClamAV 0.68.1

0.68.1

ClamAV 0.70

0.70

ClamAV 0.70 Release Candidate

0.70

ClamAV 0.71

0.71

ClamAV 0.72

0.72

ClamAV 0.73

0.73

ClamAV 0.74

0.74

ClamAV 0.75

0.75

ClamAV 0.75.1

0.75.1

ClamAV 0.80

0.80

ClamAV 0.80 Release Candidate

0.80

ClamAV 0.80 Release Candidate 1

0.80

ClamAV 0.80 Release Candidate 2

0.80

ClamAV 0.80 Release Candidate 3

0.80

ClamAV 0.80 Release Candidate 4

0.80

ClamAV 0.80 Release Candidate

0.80_rc

ClamAV 0.81

0.81

ClamAV 0.81 Release Candidate 1

0.81

ClamAV 0.82

0.82

ClamAV 0.83

0.83

ClamAV 0.84

0.84

ClamAV 0.84 Release Candidate 1

0.84

ClamAV 0.84 Release Candidate 2

0.84

ClamAV 0.85

0.85

ClamAV 0.85.1

0.85.1

ClamAV 0.86

0.86

ClamAV 0.86 Release Candidate 1

0.86

ClamAV 0.86.1

0.86.1

ClamAV 0.86.2

0.86.2

ClamAV

References

17184

Vendor Advisory

17434

Patch, Vendor Advisory

17451

Vendor Advisory

17501

Vendor Advisory

17559

Vendor Advisory

150

1015154

http://sourceforge.net/project/shownotes.php?release_id=368319

Patch

DSA-887

GLSA-200511-04

20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability

Exploit, Patch, Vendor Advisory

MDKSA-2005:205

20484

15317

ADV-2005-2294

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.