Vulnerability Details : CVE-2011-3627
The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.
Vulnerability category: Denial of service
Products affected by CVE-2011-3627
- cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:src1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:src2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96:rc2:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.2:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.3:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.4:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.97:rc:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.97:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.96.5:*:*:*:*:*:*:*
- cpe:2.3:a:clamav:clamav:0.97.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3627
1.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3627
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2011-3627
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3627
-
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commitdiff%3Bh=3d664817f6ef833a17414a4ecea42004c35cc42f
-
http://www.openwall.com/lists/oss-security/2011/10/18/1
oss-security - CVE request: recursion level crash in clamav before 0.97.3
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html
[SECURITY] Fedora 14 Update: clamav-0.97.3-1400.fc14
-
http://www.securityfocus.com/bid/50183
ClamAV Recursion Level Handling Denial of Service Vulnerability
-
http://secunia.com/advisories/46826
Sign inVendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068942.html
[SECURITY] Fedora 16 Update: clamav-0.97.3-1600.fc16
-
http://www.ubuntu.com/usn/USN-1258-1
USN-1258-1: ClamAV vulnerability | Ubuntu security notices
-
http://secunia.com/advisories/46717
Sign inVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=746984
746984 – (CVE-2011-3627) CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068941.html
[SECURITY] Fedora 15 Update: clamav-0.97.3-1500.fc15
Jump to