Vulnerability Details : CVE-2007-0897
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
Vulnerability category: Denial of service
Products affected by CVE-2007-0897
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0897
19.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0897
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST | 2024-02-09 |
CWE ids for CVE-2007-0897
-
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0897
-
http://secunia.com/advisories/24425
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://secunia.com/advisories/24332
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:043
MandrivaBroken Link
-
http://www.debian.org/security/2007/dsa-1263
[SECURITY] [DSA 1263-1] New clamav packages fix denial of serviceMailing List
-
http://secunia.com/advisories/24192
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32531
Clam AntiVirus CAB file denial of service CVE-2007-0897 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://secunia.com/advisories/29420
About Secunia Research | FlexeraBroken Link
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
Mailing List
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475
Broken Link;Vendor Advisory
-
http://www.vupen.com/english/advisories/2007/0623
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
-
http://osvdb.org/32283
Broken Link
-
http://www.securitytracker.com/id?1017659
Broken Link;Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/24319
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://secunia.com/advisories/24183
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://docs.info.apple.com/article.html?artnum=307562
Broken Link
-
http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html
Object not found!Broken Link
-
http://security.gentoo.org/glsa/glsa-200703-03.xml
ClamAV: Denial of service (GLSA 200703-03) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/22580
Broken Link;Patch;Third Party Advisory;VDB Entry
-
http://secunia.com/advisories/24187
About Secunia Research | FlexeraBroken Link;Patch;Vendor Advisory
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link
Jump to