Published: 17/11/2011 Updated: 13/02/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The bytecode engine in ClamAV prior to 0.97.3 allows remote malicious users to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clamav clamav 0.95.2
clamav clamav 0.92
clamav clamav 0.95
clamav clamav 0.90
clamav clamav 0.97
clamav clamav 0.93.1
clamav clamav 0.95.1
clamav clamav
clamav clamav 0.93
clamav clamav 0.96.4
clamav clamav 0.9
clamav clamav 0.93.3
clamav clamav 0.91
clamav clamav 0.94
clamav clamav 0.91.2
clamav clamav 0.96.3
clamav clamav 0.90.3
clamav clamav 0.96.2
clamav clamav 0.94.2
clamav clamav 0.96.1
clamav clamav 0.96
clamav clamav 0.96.5
clamav clamav 0.97.1
clamav clamav 0.90.1
clamav clamav 0.91.1
clamav clamav 0.95.3
clamav clamav 0.92.1
clamav clamav 0.90.2
clamav clamav 0.93.2
clamav clamav 0.94.1

ClamAV could be made to crash or run programs as your login if it opened a specially crafted file ...

CWE-189 http://www.securityfocus.com/bid/50183 http://www.openwall.com/lists/oss-security/2011/10/18/1 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html https://bugzilla.redhat.com/show_bug.cgi?id=746984 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html http://www.ubuntu.com/usn/USN-1258-1 http://secunia.com/advisories/46826 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html http://secunia.com/advisories/46717 http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commitdiff%3Bh=3d664817f6ef833a17414a4ecea42004c35cc42f https://usn.ubuntu.com/1258-1/https://nvd.nist.gov

CVE-2011-3627

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect