Vulnerability Details : CVE-2008-1835
ClamAV before 0.93 allows remote attackers to bypass the scanning engine via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by WinRAR.
Vulnerability category: Input validation
Products affected by CVE-2008-1835
- cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:*:*:*:*:*:*:*
- cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1835
- EPSS score: 0.95% (probability of exploitation activity in the next 30 days)
- Percentile: ~83% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-1835
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2008-1835
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-1835
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html - Apple - Lists.apple.com
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41874
- http://security.gentoo.org/glsa/glsa-200805-19.xml - ClamAV: Multiple vulnerabilities (GLSA 200805-19) - Gentoo security
- http://www.securityfocus.com/bid/28784
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 - Mandriva
- https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541
- http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html
- http://www.us-cert.gov/cas/techalerts/TA08-260A.html
- http://www.vupen.com/english/advisories/2008/2584
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html - [security-announce] SUSE Security Announcement: clamav (SUSE-SA:2008:024) - openSUSE Security Announce - openSUSE Mailing Lists