Published: 08/04/2010 Updated: 07/11/2023

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

ClamAV prior to 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote malicious users to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clamav clamav 0.95.2
clamav clamav 0.86.2
clamav clamav 0.88.5
clamav clamav 0.02
clamav clamav 0.92
clamav clamav 0.95
clamav clamav 0.15
clamav clamav 0.90
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.88.7
clamav clamav 0.81
clamav clamav 0.86
clamav clamav 0.01
clamav clamav 0.85
clamav clamav 0.84
clamav clamav 0.3
clamav clamav 0.93.1
clamavs clamav 0.04
clamav clamav 0.95.1
clamav clamav 0.93
clamav clamav 0.70
clamav clamav 0.68.1
clamav clamav 0.03
clamav clamav 0.87.1
clamav clamav 0.9
clamav clamav 0.74
clamav clamav 0.93.3
clamav clamav 0.88
clamav clamav 0.91
clamav clamav 0.86.1
clamav clamav 0.71
clamav clamav 0.88.1
clamav clamav 0.60p
clamav clamav 0.94
clamav clamav 0.80
clamav clamav 0.91.2
clamav clamav 0.90.3
clamav clamav 0.85.1
clamav clamav 0.13
clamav clamav 0.10
clamav clamav 0.94.2
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.60
clamav clamav 0.88.2
clamav clamav 0.83
clamav clamav 0.20
clamav clamav 0.88.4
clamav clamav 0.14
clamav clamav 0.24
clamav clamav 0.66
clamav clamav 0.51
clamav clamav 0.52
clamav clamav 0.22
clamav clamav 0.72
clamavs clamav 0.06
clamav clamav 0.75
clamav clamav 0.05
clamav clamav 0.54
clamav clamav 0.96
clamav clamav
clamav clamav 0.87
clamav clamav 0.21
clamav clamav 0.67-1
clamav clamav 0.90.1
clamav clamav 0.91.1
clamav clamav 0.95.3
clamav clamav 0.88.3
clamav clamav 0.67
clamav clamav 0.92.1
clamav clamav 0.90.2
clamav clamav 0.68
clamav clamav 0.53
clamav clamav 0.93.2
clamav clamav 0.88.6
clamav clamav 0.94.1
clamav clamav 0.82
clamav clamav 0.73

It was discovered that ClamAV did not properly verify its input when processing CAB files A remote attacker could send a specially crafted CAB file to evade malware detection (CVE-2010-0098) ...

NVD-CWE-noinfo http://secunia.com/advisories/39329 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826 http://www.securityfocus.com/bid/39262 http://www.vupen.com/english/advisories/2010/0827 http://secunia.com/advisories/39293 http://www.vupen.com/english/advisories/2010/0832 http://www.ubuntu.com/usn/USN-926-1 http://www.vupen.com/english/advisories/2010/0909 http://www.mandriva.com/security/advisories?name=MDVSA-2010:082 http://www.vupen.com/english/advisories/2010/1001 http://secunia.com/advisories/39656 http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://www.vupen.com/english/advisories/2010/1206 http://www.openwall.com/lists/oss-security/2010/04/08/3 http://www.openwall.com/lists/oss-security/2010/04/06/4 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://support.apple.com/kb/HT4312 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96 https://usn.ubuntu.com/926-1/https://nvd.nist.gov

CVE-2010-0098

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect