Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2008-AVI-083
Vulnerability from certfr_avis
Plusieurs vulnérabilités ont été découvertes dans le logiciel antivirus ClamAV. L'exploitation de ces vulnérabilités conduit à l'exécution de commandes arbitraires ou à un déni de service à distance.
Description
Deux vulnérabilités ont été découvertes dans le logiciel antivirus ClamAV :
- la première vulnérabilité est due à une erreur dans une fonction de pe.c. Cette fonction peut être exploitée par un fichier PE (Portable Executable) spécialement construit;
- la seconde vulnérabilité est due à une erreur dans une fontion de mew.c.
L'exploitation de l'une ou l'autre de ces vulnérabilités permet de provoquer un déni de service ou d'exécuter des commandes arbitraires à distance.
Solution
Se référer au bulletin de mise à jour de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
ClamAV versions antérieures à la version 0.92.1.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eClamAV versions ant\u00e9rieures \u00e0 la version 0.92.1.\u003c/p\u003e",
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le logiciel antivirus\nClamAV :\n\n- la premi\u00e8re vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur dans une fonction de\n pe.c. Cette fonction peut \u00eatre exploit\u00e9e par un fichier PE (Portable\n Executable) sp\u00e9cialement construit;\n- la seconde vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur dans une fontion de\n mew.c.\n\nL\u0027exploitation de l\u0027une ou l\u0027autre de ces vuln\u00e9rabilit\u00e9s permet de\nprovoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter des commandes arbitraires \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de mise \u00e0 jour de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
},
{
"name": "CVE-2008-0728",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
}
],
"initial_release_date": "2008-02-13T00:00:00",
"last_revision_date": "2008-02-13T00:00:00",
"links": [
{
"title": "Mise \u00e0 jour de ClamAV du 11 f\u00e9vrier 2008:",
"url": "http://sourceforge/project/shownotes.php?release_id=575703"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 iDefense 658 du 13 f\u00e9vrier 2008 :",
"url": "http://www.idefense.com/ntelligence/vulnerabilities/display.php?id=658"
}
],
"reference": "CERTA-2008-AVI-083",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le logiciel antivirus\nClamAV. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s conduit \u00e0 l\u0027ex\u00e9cution de\ncommandes arbitraires ou \u00e0 un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ClamAV",
"vendor_advisories": [
{
"published_at": null,
"title": "Mise \u00e0 jour ClamAV du 11 f\u00e9vrier 2008",
"url": null
}
]
}
CVE-2008-0318 (GCVE-0-2008-0318)
Vulnerability from cvelistv5
Published
2008-02-12 19:00
Modified
2024-08-07 07:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29048"
},
{
"name": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28913"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=575703",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28949"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=209915",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29001"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-19.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0318",
"datePublished": "2008-02-12T19:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0728 (GCVE-0-2008-0728)
Vulnerability from cvelistv5
Published
2008-02-12 19:00
Modified
2024-08-07 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:54:22.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "clamav-mewc-heap-corruption(40474)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40474"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger \"heap corruption.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "clamav-mewc-heap-corruption(40474)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40474"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger \"heap corruption.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29048"
},
{
"name": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=575703",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29026"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=209915",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "clamav-mewc-heap-corruption(40474)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40474"
},
{
"name": "ADV-2008-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29001"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-19.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0728",
"datePublished": "2008-02-12T19:00:00",
"dateReserved": "2008-02-12T00:00:00",
"dateUpdated": "2024-08-07T07:54:22.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…