Lucene search

[email protected]NVD:CVE-2013-2020

HistoryMay 13, 2013 - 11:55 p.m.

CVE-2013-2020

2013-05-1323:55:02

CWE-189

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

9 High

AI Score

Confidence

High

0.139 Low

EPSS

Percentile

95.7%

JSON

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

Node

suselinux_enterprise_serverMatch11.0sp1

suselinux_enterprise_serverMatch11.0sp2

Node

clamavclamavRange≤0.97.7

clamavclamavMatch0.9rc1

clamavclamavMatch0.90

clamavclamavMatch0.90rc1

clamavclamavMatch0.90rc1.1

clamavclamavMatch0.90rc2

clamavclamavMatch0.90rc3

clamavclamavMatch0.90.1

clamavclamavMatch0.90.1_p0

clamavclamavMatch0.90.2

clamavclamavMatch0.90.2_p0

clamavclamavMatch0.90.3

clamavclamavMatch0.90.3_p0

clamavclamavMatch0.90.3_p1

clamavclamavMatch0.91

clamavclamavMatch0.91rc1

clamavclamavMatch0.91rc2

clamavclamavMatch0.91.1

clamavclamavMatch0.91.2

clamavclamavMatch0.91.2_p0

clamavclamavMatch0.92

clamavclamavMatch0.92.1

clamavclamavMatch0.92_p0

clamavclamavMatch0.93

clamavclamavMatch0.93.1

clamavclamavMatch0.93.2

clamavclamavMatch0.93.3

clamavclamavMatch0.94

clamavclamavMatch0.94.1

clamavclamavMatch0.94.2

clamavclamavMatch0.95

clamavclamavMatch0.95rc1

clamavclamavMatch0.95rc2

clamavclamavMatch0.95src1

clamavclamavMatch0.95src2

clamavclamavMatch0.95.1

clamavclamavMatch0.95.2

clamavclamavMatch0.95.3

clamavclamavMatch0.96

clamavclamavMatch0.96rc1

clamavclamavMatch0.96rc2

clamavclamavMatch0.96.1

clamavclamavMatch0.96.2

clamavclamavMatch0.96.3

clamavclamavMatch0.96.4

clamavclamavMatch0.96.5

clamavclamavMatch0.97

clamavclamavMatch0.97rc

clamavclamavMatch0.97.1

clamavclamavMatch0.97.2

clamavclamavMatch0.97.3

clamavclamavMatch0.97.4

clamavclamavMatch0.97.5

References

blog.clamav.net/2013/04/clamav-0978-has-been-released.html

lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html

lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html

lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html

lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html

lists.opensuse.org/opensuse-updates/2013-06/msg00018.html

lists.opensuse.org/opensuse-updates/2013-06/msg00020.html

secunia.com/advisories/53150

secunia.com/advisories/53182

support.apple.com/kb/HT5880

support.apple.com/kb/HT5892

www.mandriva.com/security/advisories?name=MDVSA-2013:159

www.openwall.com/lists/oss-security/2013/04/25/2

www.openwall.com/lists/oss-security/2013/04/29/20

www.securityfocus.com/bid/59434

www.ubuntu.com/usn/USN-1816-1

bugzilla.clamav.net/show_bug.cgi?id=7055

github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

9 High

AI Score

Confidence

High

0.139 Low

EPSS

Percentile

95.7%

JSON

Related for NVD:CVE-2013-2020

prion1 cve1 cvelist1 ubuntucve1 checkpoint_advisories1 debiancve1 nessus14 openvas13 securityvulns3 fedora4 ubuntu1 suse1 gentoo1