1. CVE-Search
  2. CVE-2008-1387
ID CVE-2008-1387
Summary ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 11-10-2018 - 20:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
apple APPLE-SA-2008-09-15
bid
  • 28782
  • 28784
bugtraq 20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387
cert TA08-260A
confirm
fedora
  • FEDORA-2008-3358
  • FEDORA-2008-3420
  • FEDORA-2008-3900
gentoo GLSA-200805-19
mandriva MDVSA-2008:088
misc
secunia
  • 29863
  • 29891
  • 29975
  • 30253
  • 30328
  • 31576
  • 31882
suse SUSE-SA:2008:024
vupen
  • ADV-2008-1227
  • ADV-2008-2584
xf clamav-arj-unspecified-dos(41822)
Last major update 11-10-2018 - 20:33
Published 16-04-2008 - 16:05
Last modified 11-10-2018 - 20:33
Back to Top