oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: clamav clamd and clamscan DoS and bypass by malformated archive

From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 8 Apr 2009 11:38:35 -0400 (EDT)

======================================================
Name: CVE-2008-6680
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1335

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
a denial of service (crash) via a crafted EXE file that triggers a
divide-by-zero error.


======================================================
Name: CVE-2009-1270
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270
Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
cause a denial of service (infinite loop) via a crafted file that
causes (1) clamd and (2) clamscan to hang.
Previous By Date Next
Previous By Thread Next

Current thread: