CVE-2011-2721

Severity

50%

Complexity

99%

Confidentiality

48%

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 13 years ago

2011-08-05 21:55:00

Last updated 7 years ago

2017-08-29 01:29:00

Affected Software

ClamAV 0.01

0.01

ClamAV 0.02

0.02

ClamAV 0.03

0.03

ClamAV ClamAV 0.3

0.3

ClamAV 0.05

0.05

ClamAV 0.80 Release Candidate 3

0.8

ClamAV 0.94 rc1

0.9

ClamAV 0.10

0.10

ClamAV 0.12

0.12

ClamAV 0.13

0.13

ClamAV 0.14

0.14

ClamAV 0.14 pre

0.14

ClamAV 0.15

0.15

ClamAV 0.20

0.20

ClamAV 0.21

0.21

ClamAV 0.22

0.22

ClamAV 0.23

0.23

ClamAV 0.24

0.24

ClamAV ClamAV 0.51

0.51

ClamAV 0.52

0.52

ClamAV 0.53

0.53

ClamAV ClamAV 0.54

0.54

ClamAV 0.60

0.60

ClamAV 0.60p

0.60p

ClamAV 0.65

0.65

ClamAV ClamAV 0.66

0.66

ClamAV 0.67

0.67

ClamAV ClamAV 0.67-1

0.67-1

ClamAV 0.68

0.68

ClamAV 0.68.1

0.68.1

ClamAV 0.70

0.70

ClamAV 0.70 Release Candidate

0.70

ClamAV 0.71

0.71

ClamAV 0.72

0.72

ClamAV 0.73

0.73

ClamAV 0.74

0.74

ClamAV 0.75

0.75

ClamAV 0.75.1

0.75.1

ClamAV 0.80

0.80

ClamAV 0.80 Release Candidate

0.80

ClamAV 0.80 Release Candidate 1

0.80

ClamAV 0.80 Release Candidate 2

0.80

ClamAV 0.80 Release Candidate 3

0.80

ClamAV 0.80 Release Candidate 4

0.80

ClamAV 0.80 Release Candidate

0.80_rc

ClamAV 0.81

0.81

ClamAV 0.81 Release Candidate 1

0.81

ClamAV 0.82

0.82

ClamAV 0.83

0.83

ClamAV 0.84

0.84

ClamAV 0.84 Release Candidate 1

0.84

ClamAV 0.84 Release Candidate 2

0.84

ClamAV 0.85

0.85

ClamAV 0.85.1

0.85.1

ClamAV 0.86

0.86

ClamAV 0.86 Release Candidate 1

0.86

ClamAV 0.86.1

0.86.1

ClamAV 0.86.2

0.86.2

ClamAV 0.87

0.87

ClamAV 0.87.1

0.87.1

ClamAV 0.88

0.88

ClamAV 0.88.1

0.88.1

ClamAV 0.88.2

0.88.2

ClamAV 0.88.3

0.88.3

ClamAV 0.88.4

0.88.4

ClamAV 0.88.5

0.88.5

ClamAV 0.88.6

0.88.6

ClamAV 0.88.7

0.88.7

ClamAV 0.88.7 p0

0.88.7_p0

ClamAV 0.88.7 p1

0.88.7_p1

ClamAV 0.90

0.90

ClamAV 0.90rc1

0.90

ClamAV 0.90 rc1.1

0.90

ClamAV 0.90 rc2

0.90

ClamAV 0.90 rc3

0.90

ClamAV 0.90.1

0.90.1

ClamAV 0.90.1 p0

0.90.1_p0

Clamav 0.90.2

0.90.2

ClamAV 0.90.2 p0

0.90.2_p0

ClamAV 0.90.3

0.90.3

ClamAV 0.90.3 p0

0.90.3_p0

ClamAV 0.90.3 p1

0.90.3_p1

ClamAV 0.91

0.91

ClamAV 0.91rc1

0.91

ClamAV 0.91rc2

0.91

ClamAV 0.91.1

0.91.1

ClamAV 0.91.2

0.91.2

ClamAV 0.91.2 p0

0.91.2_p0

ClamAV 0.92

0.92

ClamAV 0.92.1

0.92.1

ClamAV 0.92 p0

0.92_p0

ClamAV 0.93

0.93

ClamAV 0.93.1

0.93.1

ClamAV 0.93.2

0.93.2

ClamAV 0.93.3

0.93.3

ClamAV 0.94

0.94

ClamAV 0.94.1

0.94.1

ClamAV 0.94.2

0.94.2

ClamAV 0.95

0.95

ClamAV 0.95 SRC1

0.95

ClamAV 0.95 SRC2

0.95

ClamAV 0.95 SRC1

0.95

ClamAV 0.95 SRC2

0.95

ClamAV 0.95.1

0.95.1

ClamAV 0.95.2

0.95.2

ClamAV 0.95.3

0.95.3

ClamAV 0.96

0.96

ClamAV 0.96 release candidate 1

0.96

ClamAV 0.96 release candidate 2

0.96

ClamAV 0.96.1

0.96.1

ClamAV 0.96.2

0.96.2

ClamAV 0.96.3

0.96.3

ClamAV 0.96.4

0.96.4

ClamAV 0.96.5

0.96.5

ClamAV 0.97

0.97

ClamAV 0.97 Release Candidate

0.97

ClamAV

References

http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2

http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5

Patch

FEDORA-2011-15076

FEDORA-2011-15119

FEDORA-2011-15033

45382

Vendor Advisory

46717

1025858

MDVSA-2011:122

[oss-security] 20110726 Re: CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes

Patch

[oss-security] 20110726 CVE Request -- Clam AntiVirus -- v0.97.2 -- Off-by-one error by scanning message hashes

Patch

74181

48891

USN-1179-1

https://bugzilla.novell.com/show_bug.cgi?id=708263

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=725694

Patch

clamav-scan-dos(68785)

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.