CVE-2013-2020

Published: 13/05/2013 | Updated: 28/09/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Integer underflow in the cli_scanpe function in pe.c in ClamAV prior to 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Affected Products

Vendor | Product | Versions
Clamav | Clamav | 0.9, 0.90, 0.90.1, 0.90.1 P0, 0.90.2, 0.90.2 P0, 0.90.3, 0.90.3 P0, 0.90.3 P1, 0.91, 0.91.1, 0.91.2, 0.91.2 P0, 0.92, 0.92.1, 0.92 P0, 0.93, 0.93.1, 0.93.2, 0.93.3, 0.94, 0.94.1, 0.94.2, 0.95, 0.95.1, 0.95.2, 0.95.3, 0.96, 0.96.1, 0.96.2, 0.96.3, 0.96.4, 0.96.5, 0.97, 0.97.1, 0.97.2, 0.97.3, 0.97.4, 0.97.5, 0.97.7
Canonical | Ubuntu Linux | 10.04, 11.10, 12.04, 12.10, 13.04
Suse | Linux Enterprise Server | 11.0

Vendor Advisories

ClamAV could be made to crash or run programs if it opened a specially crafted file ...

References

CWE-189
http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
http://secunia.com/advisories/53150
http://secunia.com/advisories/53182
http://support.apple.com/kb/HT5880
http://support.apple.com/kb/HT5892
http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
http://www.openwall.com/lists/oss-security/2013/04/25/2
http://www.openwall.com/lists/oss-security/2013/04/29/20
http://www.securityfocus.com/bid/59434
http://www.ubuntu.com/usn/USN-1816-1
https://bugzilla.clamav.net/show_bug.cgi?id=7055
https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2013-2020
http://tools.cisco.com/security/center/viewAlert.x?alertId=30801
https://usn.ubuntu.com/1816-1/
https://nvd.nist.gov
https://www.rapid7.com/db/vulnerabilities/apple-osx-clamav-cve-2013-2021