// For flags

CVE-2008-0318

 

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

Un desbordamiento de enteros en la función cli_scanpe en libclamav en ClamAV anterior a la versión 0.92.1, tal como es usado en clamd, permite a los atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un archivo PE empaquetado Petite creado, que desencadena un desbordamiento de búfer en la región heap de la memoria.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-01-16 CVE Reserved
  • 2008-02-12 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-04-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
CAPEC
References (26)
URL Tag Source
http://bugs.gentoo.org/show_bug.cgi?id=209915 X_refsource_confirm
http://docs.info.apple.com/article.html?artnum=307562 X_refsource_confirm
http://kolab.org/security/kolab-vendor-notice-19.txt X_refsource_confirm
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658 Third Party Advisory
http://securitytracker.com/id?1019394 Vdb Entry
http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html X_refsource_confirm
http://www.securityfocus.com/bid/27751 Vdb Entry
URL Date SRC
URL Date SRC
http://sourceforge.net/project/shownotes.php?release_id=575703 2011-03-07
URL Date SRC
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html 2011-03-07
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html 2011-03-07
http://secunia.com/advisories/28907 2011-03-07
http://secunia.com/advisories/28913 2011-03-07
http://secunia.com/advisories/28949 2011-03-07
http://secunia.com/advisories/29001 2011-03-07
http://secunia.com/advisories/29026 2011-03-07
http://secunia.com/advisories/29048 2011-03-07
http://secunia.com/advisories/29060 2011-03-07
http://secunia.com/advisories/29420 2011-03-07
http://security.gentoo.org/glsa/glsa-200802-09.xml 2011-03-07
http://www.debian.org/security/2008/dsa-1497 2011-03-07
http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 2011-03-07
http://www.vupen.com/english/advisories/2008/0503 2011-03-07
http://www.vupen.com/english/advisories/2008/0606 2011-03-07
http://www.vupen.com/english/advisories/2008/0924/references 2011-03-07
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html 2011-03-07
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html 2011-03-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Clam Anti-virus
Search vendor "Clam Anti-virus"
 Clamav
Search vendor "Clam Anti-virus" for product "Clamav"
 <= 0.92
Search vendor "Clam Anti-virus" for product "Clamav" and version " <= 0.92"
-
Affected