CVE-2006-4018

Clam Anti-Virus ClamAV 0.88.x - UPX Compressed PE File Heap Buffer Overflow

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

Desbordamiento de búfer basado en montón en la función pefromupx en libclamav/upx.c en Clam AntiVirus (ClamAV) 0.81 hasta 0.88.3 permite a atacantes remotos ejecutar código de su elección mediante un archivo empaquetado UPX manipulado que contiene secciones con valores grandes de rsize.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-08-07 First Exploit
2006-08-08 CVE Reserved
2006-08-08 CVE Published
2023-11-12 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (22)

URL	Tag	Source
http://kolab.org/security/kolab-vendor-notice-10.txt	X_refsource_confirm
http://securitytracker.com/id?1016645	Vdb Entry
http://www.securityfocus.com/archive/1/442681/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/19381	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/28286	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/28348	2006-08-07
http://www.clamav.net/security/0.88.4.html	2024-08-07
http://www.overflow.pl/adv/clamav_upx_heap.txt	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/21368	2018-10-17
http://secunia.com/advisories/21374	2018-10-17
http://secunia.com/advisories/21433	2018-10-17
http://secunia.com/advisories/21443	2018-10-17
http://secunia.com/advisories/21457	2018-10-17
http://secunia.com/advisories/21497	2018-10-17
http://secunia.com/advisories/21562	2018-10-17
http://security.gentoo.org/glsa/glsa-200608-13.xml	2018-10-17
http://www.debian.org/security/2006/dsa-1153	2018-10-17
http://www.mandriva.com/security/advisories?name=MDKSA-2006:138	2018-10-17
http://www.novell.com/linux/security/advisories/2006_46_clamav.html	2018-10-17
http://www.trustix.org/errata/2006/0046	2018-10-17
http://www.vupen.com/english/advisories/2006/3175	2018-10-17
http://www.vupen.com/english/advisories/2006/3275	2018-10-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.81 Search vendor "Clamav" for product "Clamav" and version "0.81"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.81 Search vendor "Clamav" for product "Clamav" and version "0.81"		rc1		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.82 Search vendor "Clamav" for product "Clamav" and version "0.82"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.83 Search vendor "Clamav" for product "Clamav" and version "0.83"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.84 Search vendor "Clamav" for product "Clamav" and version "0.84"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.84 Search vendor "Clamav" for product "Clamav" and version "0.84"		rc1		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.84 Search vendor "Clamav" for product "Clamav" and version "0.84"		rc2		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.85 Search vendor "Clamav" for product "Clamav" and version "0.85"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.85.1 Search vendor "Clamav" for product "Clamav" and version "0.85.1"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.86 Search vendor "Clamav" for product "Clamav" and version "0.86"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.86 Search vendor "Clamav" for product "Clamav" and version "0.86"		rc1		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.86.1 Search vendor "Clamav" for product "Clamav" and version "0.86.1"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.86.2 Search vendor "Clamav" for product "Clamav" and version "0.86.2"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.87 Search vendor "Clamav" for product "Clamav" and version "0.87"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.87.1 Search vendor "Clamav" for product "Clamav" and version "0.87.1"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.88 Search vendor "Clamav" for product "Clamav" and version "0.88"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.88.1 Search vendor "Clamav" for product "Clamav" and version "0.88.1"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.88.2 Search vendor "Clamav" for product "Clamav" and version "0.88.2"		-		Affected
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				0.88.3 Search vendor "Clamav" for product "Clamav" and version "0.88.3"		-		Affected