Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3627

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-3627
Last Modified 12 Mar 2012 12:00:00
Published 17 Nov 2011 02:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3627

Summary

The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

Vulnerable Systems

Application

  • Clamav 0.9

  • Clamav 0.90

  • Clamav 0.90.1

  • Clamav 0.90.2

  • Clamav 0.90.3

  • Clamav 0.91

  • Clamav 0.91.1

  • Clamav 0.91.2

  • Clamav 0.92

  • Clamav 0.92.1

  • Clamav 0.93

  • Clamav 0.93.1

  • Clamav 0.93.2

  • Clamav 0.93.3

  • Clamav 0.94

  • Clamav 0.94.1

  • Clamav 0.94.2

  • Clamav 0.95

  • Clamav 0.95.1

  • Clamav 0.95.2

  • Clamav 0.95.3

  • Clamav 0.96

  • Clamav 0.96.1

  • Clamav 0.96.2

  • Clamav 0.96.3

  • Clamav 0.96.4

  • Clamav 0.96.5

  • Clamav 0.97

  • Clamav 0.97.1

  • Clamav 0.97.2


References

CONFIRM - http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=3d664817f6ef833a17414a4ecea42004c35cc42f

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=746984

UBUNTU - USN-1258-1

BID - 50183

MLIST - [oss-security] 20111018 CVE request: recursion level crash in clamav before 0.97.3

SECUNIA - 46826

SECUNIA - 46717

FEDORA - FEDORA-2011-15033

FEDORA - FEDORA-2011-15119

FEDORA - FEDORA-2011-15076

Related Patches

Novell SUSE 2011:5309 clamav security update for SLE 11 SP1 i586

Novell SUSE 2011:7805 clamav security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:57:44