CVE-2008-6845

The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
clamavclamav
𝑥
≤ 0.93.3
clamavclamav
0.01
clamavclamav
0.02
clamavclamav
0.3
clamavclamav
0.03
clamavclamav
0.05
clamavclamav
0.10
clamavclamav
0.12
clamavclamav
0.13
clamavclamav
0.14:pre
clamavclamav
0.15
clamavclamav
0.20
clamavclamav
0.21
clamavclamav
0.22
clamavclamav
0.23
clamavclamav
0.24
clamavclamav
0.51
clamavclamav
0.52
clamavclamav
0.53
clamavclamav
0.54
clamavclamav
0.60
clamavclamav
0.60p:p
clamavclamav
0.65
clamavclamav
0.66
clamavclamav
0.67
clamavclamav
0.67-1
clamavclamav
0.68
clamavclamav
0.68.1
clamavclamav
0.70
clamavclamav
0.70:rc
clamavclamav
0.71
clamavclamav
0.72
clamavclamav
0.73
clamavclamav
0.74
clamavclamav
0.75
clamavclamav
0.75.1
clamavclamav
0.80
clamavclamav
0.80:rc4
clamavclamav
0.81
clamavclamav
0.82
clamavclamav
0.83
clamavclamav
0.84
clamavclamav
0.85
clamavclamav
0.85.1
clamavclamav
0.86
clamavclamav
0.86.1
clamavclamav
0.86.2
clamavclamav
0.87
clamavclamav
0.87.1
clamavclamav
0.88
clamavclamav
0.88.1
clamavclamav
0.88.2
clamavclamav
0.88.3
clamavclamav
0.88.4
clamavclamav
0.88.5
clamavclamav
0.88.6
clamavclamav
0.88.7
clamavclamav
0.88.7_p0:_p0
clamavclamav
0.88.7_p1:_p1
clamavclamav
0.90
clamavclamav
0.90.1
clamavclamav
0.90.1_p0:_p0
clamavclamav
0.90.2
clamavclamav
0.90.2_p0:_p0
clamavclamav
0.90.3
clamavclamav
0.90.3_p0:_p0
clamavclamav
0.90.3_p1:_p1
clamavclamav
0.91
clamavclamav
0.91.1
clamavclamav
0.91.2
clamavclamav
0.91.2_p0:_p0
clamavclamav
0.92
clamavclamav
0.92.1
clamavclamav
0.92_p0:_p0
clamavclamav
0.93
clamavclamav
0.93.1
clamavclamav
0.93.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
clamav
bullseye
0.103.10+dfsg-0+deb11u1
fixed
etch
no-dsa
bookworm
1.0.5+dfsg-1~deb12u1
fixed
sid
1.4.1+dfsg-1
fixed
trixie
1.4.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clamav
karmic
Fixed 0.95.3+dfsg-1ubuntu0.09.10
released
jaunty
Fixed 0.95.3+dfsg-1ubuntu0.09.04
released
intrepid
Fixed 0.94.dfsg.2-1ubuntu0.5
released
hardy
Fixed 0.94.dfsg.2-1ubuntu0.3~hardy4
released
dapper
Fixed 0.94.dfsg.2-1ubuntu0.3~dapper2
released
References
http://osvdb.org/51963
http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html
http://www.securityfocus.com/archive/1/499078/100/0/threaded
http://www.securityfocus.com/bid/32752
http://osvdb.org/51963
http://www.ivizsecurity.com/security-advisory-iviz-sr-08011.html
http://www.securityfocus.com/archive/1/499078/100/0/threaded
http://www.securityfocus.com/bid/32752