FKIE_CVE-2006-4018

Vulnerability from fkie_nvd - Published: 2006-08-08 20:04 - Updated: 2026-06-16 22:28
Severity
Summary
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
References
cve@mitre.orghttp://kolab.org/security/kolab-vendor-notice-10.txt
cve@mitre.orghttp://secunia.com/advisories/21368Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21374Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21433Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21443Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21457Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21497Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21562Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200608-13.xml
cve@mitre.orghttp://securitytracker.com/id?1016645
cve@mitre.orghttp://www.clamav.net/security/0.88.4.htmlExploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1153
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:138
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_46_clamav.html
cve@mitre.orghttp://www.overflow.pl/adv/clamav_upx_heap.txtExploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/archive/1/442681/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19381
cve@mitre.orghttp://www.trustix.org/errata/2006/0046/
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3175Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3275Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28286
af854a3a-2127-422b-91ae-364da2661108http://kolab.org/security/kolab-vendor-notice-10.txt
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21368Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21374Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21433Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21443Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21457Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21497Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21562Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200608-13.xml
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016645
af854a3a-2127-422b-91ae-364da2661108http://www.clamav.net/security/0.88.4.htmlExploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1153
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:138
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_46_clamav.html
af854a3a-2127-422b-91ae-364da2661108http://www.overflow.pl/adv/clamav_upx_heap.txtExploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/442681/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19381
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2006/0046/
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3175Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3275Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28286
Impacted products
Vendor Product Version
clamav clamav 0.81
clamav clamav 0.81
clamav clamav 0.82
clamav clamav 0.83
clamav clamav 0.84
clamav clamav 0.84
clamav clamav 0.84
clamav clamav 0.85
clamav clamav 0.85.1
clamav clamav 0.86
clamav clamav 0.86
clamav clamav 0.86.1
clamav clamav 0.86.2
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88
clamav clamav 0.88.1
clamav clamav 0.88.2
clamav clamav 0.88.3

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA719FE4-04E0-4664-8EEC-70CD613408DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "9F7364D6-36F6-4615-95F0-E0B56722DAAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "C859F864-B68F-4805-B804-E50F2C3FFE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5CAFEA5-C062-43EA-A302-38887DA6768C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "525DC218-308C-4A0E-96A7-DC74B8973B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "A4969C16-F67D-4C30-A537-FE64F4CFC3D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B0D72B20-1F61-4499-9ADE-88AF98C3C19C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "72C71B82-8F84-4855-A138-7E7436788D69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "039341D8-8E2B-4901-BFA6-9CCC46A18C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "C048A75E-6587-485C-9F2B-E12BED34FF2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "97DAD83E-F14F-4B87-B5D8-7BCAD8F446BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC4D448-DDCD-4C0B-AA84-2D054FCF718C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B003639-3228-4AC1-AB46-73481BB5DDA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D6A495D-F9BB-41B9-A912-670D837EA278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "45F5E6B4-88DD-4426-9FB6-D9009F6B8740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1EB857-D417-49EB-89FD-04733C872EE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B9D09D6-3EFD-45A6-88C3-199BF3EF9A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4551D5ED-6C72-4C9B-A556-491042A6113A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01859947-09D4-417E-92A4-FA4F1625C60D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en mont\u00f3n en la funci\u00f3n pefromupx en libclamav/upx.c en Clam AntiVirus (ClamAV) 0.81 hasta 0.88.3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo empaquetado UPX manipulado que contiene secciones con valores grandes de rsize."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nClam Anti-Virus, ClamAV, 0.88.4",
  "id": "CVE-2006-4018",
  "lastModified": "2026-06-16T22:28:16.153",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-08T20:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://kolab.org/security/kolab-vendor-notice-10.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21368"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21374"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21433"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21443"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21497"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21562"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200608-13.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016645"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.clamav.net/security/0.88.4.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:138"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_46_clamav.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.overflow.pl/adv/clamav_upx_heap.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/442681/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19381"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2006/0046/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3175"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3275"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kolab.org/security/kolab-vendor-notice-10.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21497"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200608-13.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016645"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.clamav.net/security/0.88.4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_46_clamav.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.overflow.pl/adv/clamav_upx_heap.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/442681/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2006/0046/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3175"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28286"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…