Lucene search
HistoryJul 05, 2005 - 4:00 a.m.
CVE-2005-1923
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
AI Score
6.4
Confidence
High
EPSS
0.002
Percentile
53.6%
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
Affected configurations
Node
clam_anti-virusclamavMatch0.83
ORclam_anti-virusclamavMatch0.84_rc1
ORclam_anti-virusclamavMatch0.84_rc2
ORclam_anti-virusclamavMatch0.85
ORclam_anti-virusclamavMatch0.85.1
Related
cve
cve
CVE-2005-1923
2005-07-05 04:00:00
securityvulns
securityvulns
nessus
nessus
FreeBSD : clamav -- cabinet file handling DoS vulnerability (d8e1aadd-ee68-11d9-8310-0001020eed82)
2005-07-13 00:00:00
Debian DSA-737-1 : clamav - remote denial of service
2005-07-06 00:00:00
Debian DSA-773-1 : amd64 - several vulnerabilities
2012-01-12 00:00:00
freebsd
freebsd
clamav -- cabinet file handling DoS vulnerability
2005-06-29 00:00:00
cvelist
cvelist
CVE-2005-1923
2005-06-30 04:00:00
openvas
openvas
FreeBSD Ports: clamav
2008-09-04 00:00:00
FreeBSD Ports: clamav
2008-09-04 00:00:00
Debian Security Advisory DSA 737-1 (clamav)
2008-01-17 00:00:00
ubuntucve
ubuntucve
CVE-2005-1923
2005-07-05 00:00:00
debiancve
debiancve
CVE-2005-1923
2005-07-05 04:00:00
debian
debian
[SECURITY] [DSA 737-1] New clamav packages fix potential DOS
2005-07-05 23:44:41
[SECURITY] [DSA 737-1] New clamav packages fix potential DOS
2005-07-05 23:44:41
CVSS2
2.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
AI Score
6.4
Confidence
High
EPSS
0.002
Percentile
53.6%
Related for NVD:CVE-2005-1923