ID CVE-2011-3627
Summary The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.
References
Vulnerable Configurations
  • ClamAV 0.97 Release Candidate
    cpe:2.3:a:clamav:clamav:0.97:rc
  • ClamAV 0.97.1
    cpe:2.3:a:clamav:clamav:0.97.1
  • ClamAV 0.97
    cpe:2.3:a:clamav:clamav:0.97
  • ClamAV 0.96 release candidate 2
    cpe:2.3:a:clamav:clamav:0.96:rc2
  • ClamAV 0.96 release candidate 1
    cpe:2.3:a:clamav:clamav:0.96:rc1
  • ClamAV 0.96.5
    cpe:2.3:a:clamav:clamav:0.96.5
  • ClamAV 0.96.4
    cpe:2.3:a:clamav:clamav:0.96.4
  • ClamAV 0.96.3
    cpe:2.3:a:clamav:clamav:0.96.3
  • ClamAV 0.96.2
    cpe:2.3:a:clamav:clamav:0.96.2
  • ClamAV 0.96.1
    cpe:2.3:a:clamav:clamav:0.96.1
  • ClamAV 0.96
    cpe:2.3:a:clamav:clamav:0.96
  • ClamAV 0.95 SRC2
    cpe:2.3:a:clamav:clamav:0.95:src2
  • ClamAV 0.95 SRC1
    cpe:2.3:a:clamav:clamav:0.95:src1
  • ClamAV 0.95 SRC2
    cpe:2.3:a:clamav:clamav:0.95:rc2
  • ClamAV 0.95 SRC1
    cpe:2.3:a:clamav:clamav:0.95:rc1
  • ClamAV 0.95.3
    cpe:2.3:a:clamav:clamav:0.95.3
  • ClamAV 0.95.2
    cpe:2.3:a:clamav:clamav:0.95.2
  • ClamAV 0.95.1
    cpe:2.3:a:clamav:clamav:0.95.1
  • ClamAV 0.95
    cpe:2.3:a:clamav:clamav:0.95
  • ClamAV 0.94.2
    cpe:2.3:a:clamav:clamav:0.94.2
  • ClamAV 0.94.1
    cpe:2.3:a:clamav:clamav:0.94.1
  • ClamAV 0.94
    cpe:2.3:a:clamav:clamav:0.94
  • ClamAV 0.93.3
    cpe:2.3:a:clamav:clamav:0.93.3
  • ClamAV 0.93.2
    cpe:2.3:a:clamav:clamav:0.93.2
  • ClamAV 0.93.1
    cpe:2.3:a:clamav:clamav:0.93.1
  • ClamAV 0.93
    cpe:2.3:a:clamav:clamav:0.93
  • ClamAV 0.92.1
    cpe:2.3:a:clamav:clamav:0.92.1
  • ClamAV 0.92
    cpe:2.3:a:clamav:clamav:0.92
  • ClamAV 0.91rc2
    cpe:2.3:a:clamav:clamav:0.91:rc2
  • ClamAV 0.91rc1
    cpe:2.3:a:clamav:clamav:0.91:rc1
  • ClamAV 0.91.2
    cpe:2.3:a:clamav:clamav:0.91.2
  • ClamAV 0.91.1
    cpe:2.3:a:clamav:clamav:0.91.1
  • ClamAV 0.91
    cpe:2.3:a:clamav:clamav:0.91
  • ClamAV 0.90 rc3
    cpe:2.3:a:clamav:clamav:0.90:rc3
  • ClamAV 0.90 rc2
    cpe:2.3:a:clamav:clamav:0.90:rc2
  • ClamAV 0.90 rc1.1
    cpe:2.3:a:clamav:clamav:0.90:rc1.1
  • ClamAV 0.90rc1
    cpe:2.3:a:clamav:clamav:0.90:rc1
  • ClamAV 0.90.3
    cpe:2.3:a:clamav:clamav:0.90.3
  • Clamav 0.90.2
    cpe:2.3:a:clamav:clamav:0.90.2
  • ClamAV 0.90.1
    cpe:2.3:a:clamav:clamav:0.90.1
  • ClamAV 0.90
    cpe:2.3:a:clamav:clamav:0.90
  • ClamAV 0.94 rc1
    cpe:2.3:a:clamav:clamav:0.9:rc1
  • ClamAV 0.97.2
    cpe:2.3:a:clamav:clamav:0.97.2
CVSS
Base: 4.3 (as of 18-11-2011 - 11:25)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-15076.NASL
    description Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3 ---------------------------------------------------------------------- -----= Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 56732
    published 2011-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56732
    title Fedora 14 : clamav-0.97.3-1400.fc14 (2011-15076)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-15033.NASL
    description Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3 ---------------------------------------------------------------------- -----= Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 56731
    published 2011-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56731
    title Fedora 16 : clamav-0.97.3-1600.fc16 (2011-15033)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-15119.NASL
    description Update to 0.97.3 which fixes CVE-2011-3627 clamav: Recursion level crash fixed in v0.97.3 ---------------------------------------------------------------------- -----= Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 56733
    published 2011-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56733
    title Fedora 15 : clamav-0.97.3-1500.fc15 (2011-15119)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_CLAMAV-111019.NASL
    description This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75800
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75800
    title openSUSE Security Update : clamav (openSUSE-SU-2011:1177-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-7805.NASL
    description This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 57169
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57169
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 7805)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_CLAMAV-111019.NASL
    description This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
    last seen 2018-09-02
    modified 2013-10-25
    plugin id 57093
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57093
    title SuSE 11.1 Security Update : clamav (SAT Patch Number 5309)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_CLAMAV-111019.NASL
    description This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75452
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75452
    title openSUSE Security Update : clamav (openSUSE-SU-2011:1177-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1258-1.NASL
    description Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 56777
    published 2011-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56777
    title Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : clamav vulnerability (USN-1258-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_CLAMAV-7804.NASL
    description This version update of clamav fixes a recursion level crash. CVE-2011-3627 was assigned to this issue.
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 56602
    published 2011-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56602
    title SuSE 10 Security Update : clamav (ZYPP Patch Number 7804)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-20 (Clam AntiVirus: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Clam AntiVirus. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may execute arbitrary code with the privileges of the Clam AntiVirus process or cause a Denial of Service by causing an affected user or system to scan a crafted file. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56595
    published 2011-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56595
    title GLSA-201110-20 : Clam AntiVirus: Multiple vulnerabilities
refmap via4
bid 50183
confirm http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=3d664817f6ef833a17414a4ecea42004c35cc42f
fedora
  • FEDORA-2011-15033
  • FEDORA-2011-15076
  • FEDORA-2011-15119
misc https://bugzilla.redhat.com/show_bug.cgi?id=746984
mlist [oss-security] 20111018 CVE request: recursion level crash in clamav before 0.97.3
secunia
  • 46717
  • 46826
ubuntu USN-1258-1
Last major update 12-03-2012 - 00:00
Published 17-11-2011 - 14:55
Back to Top