// For flags

CVE-2006-1989

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-04-24 CVE Reserved
  • 2006-05-01 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-04-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (24)
URL Tag Source
http://kolab.org/security/kolab-vendor-notice-09.txt X_refsource_confirm
http://secunia.com/advisories/19874 Third Party Advisory
http://secunia.com/advisories/19912 Third Party Advisory
http://secunia.com/advisories/19963 Third Party Advisory
http://secunia.com/advisories/19964 Third Party Advisory
http://secunia.com/advisories/20117 Third Party Advisory
http://secunia.com/advisories/20159 Third Party Advisory
http://secunia.com/advisories/20877 Third Party Advisory
http://securitytracker.com/id?1016392 Vdb Entry
http://www.kb.cert.org/vuls/id/599220 Third Party Advisory
http://www.osvdb.org/25120 Vdb Entry
http://www.vupen.com/english/advisories/2006/1586 Vdb Entry
http://www.vupen.com/english/advisories/2006/2566 Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/26182 Vdb Entry
URL Date SRC
http://secunia.com/advisories/19880 2024-08-07
http://www.clamav.net/security/0.88.2.html 2024-08-07
URL Date SRC
http://www.securityfocus.com/bid/17754 2017-07-20
URL Date SRC
http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html 2017-07-20
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html 2017-07-20
http://www.debian.org/security/2006/dsa-1050 2017-07-20
http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml 2017-07-20
http://www.mandriva.com/security/advisories?name=MDKSA-2006:080 2017-07-20
http://www.novell.com/linux/security/advisories/2006_05_05.html 2017-07-20
http://www.trustix.org/errata/2006/0024 2017-07-20
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Clam Anti-virus
Search vendor "Clam Anti-virus"
 Clamav
Search vendor "Clam Anti-virus" for product "Clamav"
 0.88
Search vendor "Clam Anti-virus" for product "Clamav" and version "0.88"
-
Affected
Clam Anti-virus
Search vendor "Clam Anti-virus"
 Clamav
Search vendor "Clam Anti-virus" for product "Clamav"
 0.88.1
Search vendor "Clam Anti-virus" for product "Clamav" and version "0.88.1"
-
Affected