CVE-2013-2020

Severity

50%

Complexity

99%

Confidentiality

48%

Per http://www.ubuntu.com/usn/USN-1816-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS"

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Per http://www.ubuntu.com/usn/USN-1816-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10 Ubuntu 10.04 LTS"

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 11 years ago

2013-05-13 23:55:00

Last updated 9 years ago

2015-09-28 16:31:00

Affected Software

Canonical Ubuntu Linux 10.04 LTS

10.04

Canonical Ubuntu Linux 11.10

11.10

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

Canonical Ubuntu Linux 13.04

13.04

ClamAV 0.94 rc1

0.9

ClamAV 0.90

0.90

ClamAV 0.90rc1

0.90

ClamAV 0.90 rc1.1

0.90

ClamAV 0.90 rc2

0.90

ClamAV 0.90 rc3

0.90

ClamAV 0.90.1

0.90.1

ClamAV 0.90.1 p0

0.90.1_p0

Clamav 0.90.2

0.90.2

ClamAV 0.90.2 p0

0.90.2_p0

ClamAV 0.90.3

0.90.3

ClamAV 0.90.3 p0

0.90.3_p0

ClamAV 0.90.3 p1

0.90.3_p1

ClamAV 0.91

0.91

ClamAV 0.91rc1

0.91

ClamAV 0.91rc2

0.91

ClamAV 0.91.1

0.91.1

ClamAV 0.91.2

0.91.2

ClamAV 0.91.2 p0

0.91.2_p0

ClamAV 0.92

0.92

ClamAV 0.92.1

0.92.1

ClamAV 0.92 p0

0.92_p0

ClamAV 0.93

0.93

ClamAV 0.93.1

0.93.1

ClamAV 0.93.2

0.93.2

ClamAV 0.93.3

0.93.3

ClamAV 0.94

0.94

ClamAV 0.94.1

0.94.1

ClamAV 0.94.2

0.94.2

ClamAV 0.95

0.95

ClamAV 0.95 SRC1

0.95

ClamAV 0.95 SRC2

0.95

ClamAV 0.95 SRC1

0.95

ClamAV 0.95 SRC2

0.95

ClamAV 0.95.1

0.95.1

ClamAV 0.95.2

0.95.2

ClamAV 0.95.3

0.95.3

ClamAV 0.96

0.96

ClamAV 0.96 release candidate 1

0.96

ClamAV 0.96 release candidate 2

0.96

ClamAV 0.96.1

0.96.1

ClamAV 0.96.2

0.96.2

ClamAV 0.96.3

0.96.3

ClamAV 0.96.4

0.96.4

ClamAV 0.96.5

0.96.5

ClamAV 0.97

0.97

ClamAV 0.97 Release Candidate

0.97

ClamAV 0.97.1

0.97.1

ClamAV 0.97.2

0.97.2

ClamAV 0.97.3

0.97.3

ClamAV 0.97.4

0.97.4

ClamAV 0.97.5

0.97.5

ClamAV

References

http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html

Patch

APPLE-SA-2013-09-12-1

APPLE-SA-2013-09-17-1

FEDORA-2013-10853

FEDORA-2013-10953

FEDORA-2013-10980

FEDORA-2013-8047

SUSE-SU-2014:1571

openSUSE-SU-2013:0881

openSUSE-SU-2013:0883

53150

Vendor Advisory

53182

Vendor Advisory

http://support.apple.com/kb/HT5880

http://support.apple.com/kb/HT5892

MDVSA-2013:159

[oss-security] 20130424 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?

[oss-security] 20130429 Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?

59434

USN-1816-1

https://bugzilla.clamav.net/show_bug.cgi?id=7055

https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.