ID CVE-2006-1989
Summary Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. This vulnerability is addressed in the following product release: Clam Anti-Virus, ClamAV, 0.88.2
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
apple APPLE-SA-2006-06-27
bid 17754
cert-vn VU#599220
confirm
debian DSA-1050
gentoo GLSA-200605-03
mandriva MDKSA-2006:080
osvdb 25120
sectrack 1016392
secunia
  • 19874
  • 19880
  • 19912
  • 19963
  • 19964
  • 20117
  • 20159
  • 20877
suse
  • SUSE-SA:2006:025
  • SUSE-SR:2006:010
trustix 2006-0024
vupen
  • ADV-2006-1586
  • ADV-2006-2566
xf clamav-freshclam-http-bo(26182)
Last major update 20-07-2017 - 01:31
Published 01-05-2006 - 19:06