fkie_cve-2005-3501
Vulnerability from fkie_nvd
Published
2005-11-05 11:02
Modified
2025-04-03 01:03
Severity ?
Summary
The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC49FEEA-FB10-457F-9277-19A75F30D3B5",
"versionEndIncluding": "0.87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "68EC0AEB-91CF-4A79-AF40-A475E896FB45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "5935EDE0-9203-4150-9B7A-AB10B377F9F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "59C2680C-C187-487A-B6C4-F509E0C52436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A796E5E1-6481-49EF-8D97-9EC2A01C712B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "03FF3AE5-5BD9-43B4-9FB0-6BED8450C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "812B11BD-344F-40DC-9996-0CBB4BB143B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "22958219-46D6-4868-B324-BFC2F2C893F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4543DDEE-C1D1-428F-91C7-98B8985A5931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1FED760C-7106-49CE-B4FE-CA53A1092C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "821EF522-A058-4509-A4CB-E9B800E83EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*",
"matchCriteriaId": "CABA4177-6B24-4364-BC34-D5ED171E60FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F488ACB2-A013-4BF3-B5AC-897E40BA87F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5799FA-DD99-4A35-BC56-B2FBEB747226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F32EA99F-088E-499E-9DCE-EFA9A64D1673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B04C5B-316D-4C6A-96CF-F145F7C9E636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E66D5CDE-ED5D-41BA-A4B1-28E8559EC056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "20769174-C51F-47D5-A34F-EB772F542A57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "721B8B46-DFD9-4937-96A3-8D731304415B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF18A59-FB30-45C6-B28E-4499DCD78F42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "0B28E0BE-1E2D-45D2-B483-2D81326BF482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "E7029650-6DF1-4616-BE9F-DE40E9BBE3A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "F47FD5DF-F22E-4B78-9B92-A9C41950F836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F9571F-9192-414F-B680-10A22C71CFDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "F7CAC876-9AAC-407C-A34E-98AA6801D25F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "470FC8FE-785A-4934-8989-D17C1796870E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "79A6C0FE-2EED-447D-9F62-12CFF1E0918A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0928E05F-92E7-4451-AC11-4E6A014E1154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E7A70A-3584-4259-80CA-03AE290ABAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24AF81C1-5B68-4D84-AFB9-C0419B7F98D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "D27D70A0-EC82-4DC7-A66D-60D263B76E37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*",
"matchCriteriaId": "28C9C5AD-97A9-42C8-917C-2787785F5BEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "F4AB3389-1C30-47BB-9DAE-0F744E7F8877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4D3D3E-067B-4A37-A851-99D2A3E20FC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA837A0-C8CB-486B-845E-A370E3137697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "235A144A-4AB1-4756-AFB1-58AFFE02649E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "767BBE7F-6CC4-42D4-9730-6E617D36AAE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA7CD6A-133F-48E4-87BC-77CF21A25940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "F65A7930-A913-4C3D-95A3-E629D6A468C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*",
"matchCriteriaId": "05D1FAF4-B4F8-446F-88C3-01289C01DB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc1:*:*:*:*:*:*",
"matchCriteriaId": "342A854F-0942-4A3E-AF08-BD41D8F453DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4DA6E00-8126-4B62-9E7F-1E3BFC827BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*",
"matchCriteriaId": "BB0958CD-187F-4DD0-A31B-5002861F6326",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*",
"matchCriteriaId": "9C24942D-7AD6-4391-8F05-2827AB6A751E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "BABA6024-1769-44D9-BF20-215602980A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "DA719FE4-04E0-4664-8EEC-70CD613408DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.81:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9F7364D6-36F6-4615-95F0-E0B56722DAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "C859F864-B68F-4805-B804-E50F2C3FFE8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CAFEA5-C062-43EA-A302-38887DA6768C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "525DC218-308C-4A0E-96A7-DC74B8973B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*",
"matchCriteriaId": "A4969C16-F67D-4C30-A537-FE64F4CFC3D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B0D72B20-1F61-4499-9ADE-88AF98C3C19C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "72C71B82-8F84-4855-A138-7E7436788D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "039341D8-8E2B-4901-BFA6-9CCC46A18C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "C048A75E-6587-485C-9F2B-E12BED34FF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*",
"matchCriteriaId": "97DAD83E-F14F-4B87-B5D8-7BCAD8F446BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EC4D448-DDCD-4C0B-AA84-2D054FCF718C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B003639-3228-4AC1-AB46-73481BB5DDA5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length."
}
],
"id": "CVE-2005-3501",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-11-05T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17184"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17434"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17451"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17501"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17559"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/150"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=334\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20484"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15317"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=334\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2294"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…