CVE-2007-3123

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

El unrar.c en libclamav del ClamAV en versiones anteriores a 0.90.3 y la 0.91 en versiones anteriores a 0.91rc1 permite a atacantes remotos provocar una denegación del servicio (volado de memoria tras un error en ejecución) a través de un fichero RAR manipulado con un valor vm_codesize modificado, lo cual dispara un desbordamiento de búfer basado en montículo.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-06-07 CVE Reserved
2007-06-07 CVE Published
2024-08-02 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (14)

URL	Tag	Source
http://kolab.org/security/kolab-vendor-notice-15.txt	X_refsource_confirm
http://osvdb.org/35522	Vdb Entry
http://secunia.com/advisories/25523	Third Party Advisory
http://secunia.com/advisories/25525	Third Party Advisory
http://secunia.com/advisories/25688	Third Party Advisory
http://secunia.com/advisories/25796	Third Party Advisory
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog	X_refsource_confirm
http://www.securityfocus.com/bid/24289	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34778	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html	2017-07-29
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521	2017-07-29

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200706-05.xml	2017-07-29
http://www.debian.org/security/2007/dsa-1320	2017-07-29
http://www.novell.com/linux/security/advisories/2007_33_clamav.html	2017-07-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Clam Anti-virus Search vendor "Clam Anti-virus"		Clamav Search vendor "Clam Anti-virus" for product "Clamav"				0.90 Search vendor "Clam Anti-virus" for product "Clamav" and version "0.90"		-		Affected
Clam Anti-virus Search vendor "Clam Anti-virus"		Clamav Search vendor "Clam Anti-virus" for product "Clamav"				0.90.1 Search vendor "Clam Anti-virus" for product "Clamav" and version "0.90.1"		-		Affected
Clam Anti-virus Search vendor "Clam Anti-virus"		Clamav Search vendor "Clam Anti-virus" for product "Clamav"				0.90.2 Search vendor "Clam Anti-virus" for product "Clamav" and version "0.90.2"		-		Affected
Clam Anti-virus Search vendor "Clam Anti-virus"		Clamav Search vendor "Clam Anti-virus" for product "Clamav"				0.90_rc1.1 Search vendor "Clam Anti-virus" for product "Clamav" and version "0.90_rc1.1"		-		Affected
Clam Anti-virus Search vendor "Clam Anti-virus"		Clamav Search vendor "Clam Anti-virus" for product "Clamav"				0.90_rc2 Search vendor "Clam Anti-virus" for product "Clamav" and version "0.90_rc2"		-		Affected
Clam Anti-virus Search vendor "Clam Anti-virus"		Clamav Search vendor "Clam Anti-virus" for product "Clamav"				0.90_rc3 Search vendor "Clam Anti-virus" for product "Clamav" and version "0.90_rc3"		-		Affected