CVE-2008-0308 : Symantec Decomposer, as used in certain Symantec antivirus products including Sy

Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Published 2008-02-28 20:44:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2008-0308

Symantec » Scan Engine
Versions up to, including, (<=) 5.1.4.24
cpe:2.3:a:symantec:scan_engine:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Clearswift
Versions up to, including, (<=) 4.3.16.39
cpe:2.3:a:symantec:symantec_antivirus_clearswift:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Filtering Domino Mpe » AIX Edition
Versions up to, including, (<=) 3.0.12
cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Filtering Domino Mpe » Linux Edition
Versions up to, including, (<=) 3.0.12
cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Filtering Domino Mpe » Solaris Edition
Versions up to, including, (<=) 3.0.12
cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Messaging
Versions up to, including, (<=) 4.3.16.39
cpe:2.3:a:symantec:symantec_antivirus_messaging:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Microsoft Sharepoint
Versions up to, including, (<=) 4.3.16.39
cpe:2.3:a:symantec:symantec_antivirus_microsoft_sharepoint:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Ms Isa
Versions up to, including, (<=) 4.3.16.39
cpe:2.3:a:symantec:symantec_antivirus_ms_isa:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Network Attached Storage
Versions up to, including, (<=) 4.3.16.39
cpe:2.3:a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Scan Engine
Versions up to, including, (<=) 4.3.16.39
cpe:2.3:a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Antivirus Scan Engine Caching
Versions up to, including, (<=) 4.3.16.39
cpe:2.3:a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Mail Security Exchange
Versions up to, including, (<=) 4.6.5.12
cpe:2.3:a:symantec:symantec_mail_security_exchange:*:*:*:*:*:*:*:*
Matching versions
Symantec » Symantec Mail Security Exchange
Versions up to, including, (<=) 5.0.4.363
cpe:2.3:a:symantec:symantec_mail_security_exchange:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-0308

EPSS FAQ

1.73%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-0308

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.1	HIGH	AV:N/AC:M/Au:N/C:N/I:N/A:C	8.6	6.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2008-0308

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-0308

Jump to

Vulnerability Details : CVE-2008-0308

Products affected by CVE-2008-0308

Exploit prediction scoring system (EPSS) score for CVE-2008-0308

CVSS scores for CVE-2008-0308

CWE ids for CVE-2008-0308

References for CVE-2008-0308