Vulnerability Details : CVE-2006-0162
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2006-0162
- cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0162
- 28.00%: Probability of exploitation activity in the next 30 days
- ~ 96 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2006-0162
- http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml
  ClamAV: Remote execution of arbitrary code (GLSA 200601-07) — Gentoo security
- http://securitytracker.com/id?1015457
  GoDaddy Domain Name Search
- http://securityreason.com/securityalert/342
  Clam AntiVirus UPX Unpacking Code Execution Vulnerability - CXSecurity.com
- http://secunia.com/advisories/18478
  About Secunia Research | Flexera
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html
  [Full-Disclosure] Mailing List Charter
- http://secunia.com/advisories/18453
  About Secunia Research | Flexera
- http://secunia.com/advisories/18463
  About Secunia Research | Flexera
- http://www.vupen.com/english/advisories/2006/0116
  Site under construction
- http://www.securityfocus.com/bid/16191
  Patch
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:016
  Mandriva
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24047
  Clam AntiVirus libclamav/upx.c buffer overflow CVE-2005-3587 Vulnerability Report
- http://www.trustix.org/errata/2006/0002/
  Trustix | Empowering Trust and Security in the Digital Age
- http://www.osvdb.org/22318
  404 Not Found
- http://www.debian.org/security/2006/dsa-947
  [SECURITY] [DSA 947-1] New ClamAV packages fix heap overflow
- http://secunia.com/advisories/18548
  About Secunia Research | Flexera
- http://secunia.com/advisories/18379
  About Secunia Research | Flexera (Patch; Vendor Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
  ZDI-06-001 | Zero Day Initiative
- http://www.kb.cert.org/vuls/id/385908
  VU#385908 - Clam AntiVirus vulnerable to memory corruption via specially crafted UPX packed file (US Government Resource)
- http://www.clamav.net/doc/0.88/ChangeLog
  www.clamav.net