// For flags

CVE-2008-3912

 

Severity Score

7.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.

libclamav en ClamAV en versiones anteriores a 0.94 que permite a los atacantes causar una denegación de servicios (puntero NULL no referenciado y caída de la aplicación) a través de vectores relacionados con condiciones de fuera de memoria.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-09-04 CVE Reserved
  • 2008-09-09 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
References (24)
URL Tag Source
http://kolab.org/security/kolab-vendor-notice-22.txt Broken Link
http://secunia.com/advisories/31906 Third Party Advisory
http://secunia.com/advisories/31982 Third Party Advisory
http://secunia.com/advisories/32030 Third Party Advisory
http://secunia.com/advisories/32222 Third Party Advisory
http://secunia.com/advisories/32424 Third Party Advisory
http://secunia.com/advisories/32699 Third Party Advisory
http://support.apple.com/kb/HT3216 Third Party Advisory
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog Broken Link
http://www.openwall.com/lists/oss-security/2008/09/03/2 Mailing List
http://www.openwall.com/lists/oss-security/2008/09/04/13 Mailing List
http://www.securityfocus.com/bid/31681 Third Party Advisory
http://www.securitytracker.com/id?1020828 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45056 Third Party Advisory
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1141 Broken Link
URL Date SRC
URL Date SRC
http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661 2020-11-09
http://www.securityfocus.com/bid/31051 2020-11-09
URL Date SRC
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html 2020-11-09
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html 2020-11-09
http://security.gentoo.org/glsa/glsa-200809-18.xml 2020-11-09
http://www.debian.org/security/2008/dsa-1660 2020-11-09
http://www.mandriva.com/security/advisories?name=MDVSA-2008:189 2020-11-09
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html 2020-11-09
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html 2020-11-09
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Clamav
Search vendor "Clamav"
 Clamav
Search vendor "Clamav" for product "Clamav"
 < 0.94
Search vendor "Clamav" for product "Clamav" and version " < 0.94"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected