PT-2009-3897 · Cisco · Clamav

Publicado

2009-04-23

·

Atualizado

2009-09-16

·

CVE-2009-1371

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.95.1
Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved through a malformed file that utilizes UPack encoding, exploiting the CLI ISCONTAINED macro in libclamav/others.h.
Recommendations For versions prior to 0.95.1, update to version 0.95.1 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2009-1371
DSA-1771-1

Produtos afetados

Clamav