ID CVE-2005-3501
Summary The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
References
Vulnerable Configurations
  • cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:-:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:-:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.70.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.70.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.71.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.71.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.72.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.72.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.73.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.73.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.74.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.74.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.75.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.75.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.80.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.80.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.81.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.81.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.82.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.82.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.83.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.83.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.84.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.84.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.85.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.85.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.86.0:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.86.0:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
    cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 14-07-2011 - 04:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 15317
confirm http://sourceforge.net/project/shownotes.php?release_id=368319
debian DSA-887
gentoo GLSA-200511-04
idefense 20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability
mandriva MDKSA-2005:205
osvdb 20484
sectrack 1015154
secunia
  • 17184
  • 17434
  • 17451
  • 17501
  • 17559
sreason 150
suse SUSE-SR:2005:026
vupen ADV-2005-2294
Last major update 14-07-2011 - 04:00
Published 05-11-2005 - 11:02
Last modified 14-07-2011 - 04:00
Back to Top