Vulnerability Name:

CVE-2005-2056 (CCN-21191)

Assigned:2005-06-24
Published:2005-06-24
Updated:2008-11-15
Summary:The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-2056

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:973
Fixes for two security vulnerabilities in clamav

Source: CCN
Type: SA15811
ClamAV Quantum Decompressor Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
15811

Source: CCN
Type: SourceForge.net
Project: Clam AntiVirus: File List Project: Clam AntiVirus: File List

Source: CCN
Type: Sourceforge.net- File Release Notes and Change Logs
Project: Clam AntiVirus: Release Notes

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=337279

Source: CCN
Type: Clam AntiVirus Web site
Clam AntiVirus

Source: DEBIAN
Type: UNKNOWN
DSA-737

Source: DEBIAN
Type: DSA-737
clamav -- remote denial of service

Source: CCN
Type: GLSA-200506-23
Clam AntiVirus: Denial of Service vulnerability

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200506-23

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:038

Source: BID
Type: UNKNOWN
14058

Source: CCN
Type: BID-14058
Clam Anti-Virus ClamAV Unspecified Quantum Decompressor Denial Of Service Vulnerability

Source: CCN
Type: BID-14089
Clam Anti-Virus ClamAV Cabinet File Parsing Remote Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
clam-antivirus-quantum-dos(21191)

Source: SUSE
Type: SUSE-SA:2005:038
clamav: multiple security and other bugfixes

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.debian:def:737
    V
    		remote denial of service
    2005-07-05
    BACK
    clam_anti-virus clamav 0.85
    clam_anti-virus clamav 0.85.1
    clam_anti-virus clamav 0.86