Skip to main content

ClamAVcli_url_canon()" Buffer Overflow and UPack DoS Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 14 Apr 2009 5392 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in ClamAV, which could be exploited by attackers or malware to cause a denial of service or compromise a vulnerable system.

1. A buffer overflow error in the "cli_url_canon()" [libclamav/phishcheck.c] function when processing specially crafted URLs, which could be exploited by attackers to compromise a vulnerable system.

2. An error when processing malformed files packed with UPack, which could be exploited by attackers or malware to crash an affected application.


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • ClamAV versions prior to 0.95.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier

  • No CVE information is available

Source