Vulnerability Name:

CVE-2005-3501 (CCN-22965)

Assigned:2005-11-04
Published:2005-11-04
Updated:2011-07-14
Summary:The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-3501

Source: CCN
Type: SA17184
Clam AntiVirus OLE2 Unpacker Potential Denial of Service

Source: SECUNIA
Type: Vendor Advisory
17184

Source: CCN
Type: SA17434
Clam AntiVirus CAB/FSG File Handling and base64 MIME Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
17434

Source: SECUNIA
Type: Vendor Advisory
17451

Source: SECUNIA
Type: Vendor Advisory
17501

Source: SECUNIA
Type: Vendor Advisory
17559

Source: SREASON
Type: UNKNOWN
150

Source: CCN
Type: SECTRACK ID: 1015154
Clam AntiVirus CAB, FSG, and OLE Bugs Let Remote Users Deny Service or Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015154

Source: CONFIRM
Type: Patch
http://sourceforge.net/project/shownotes.php?release_id=368319

Source: CCN
Type: ClamAV Web site
ClamAV: Project News

Source: CCN
Type: ClamAV Download Web page
clamav 0.87.1 released

Source: DEBIAN
Type: UNKNOWN
DSA-887

Source: DEBIAN
Type: DSA-887
clamav -- several vulnerabilities

Source: CCN
Type: GLSA-200511-04
ClamAV: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200511-04

Source: IDEFENSE
Type: Exploit, Patch, Vendor Advisory
20051104 Clam AntiVirus Cabinet-file handling Denial of Service Vulnerability

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:205

Source: OSVDB
Type: UNKNOWN
20484

Source: CCN
Type: OSVDB ID: 20484
Clam AntiVirus libclamav/mspack/cabd.c Infinite Loop DoS

Source: BID
Type: UNKNOWN
15317

Source: CCN
Type: BID-15317
Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2005-2294

Source: XF
Type: UNKNOWN
clam-cabdfind-dos(22965)

Source: SUSE
Type: SUSE-SR:2005:026
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clamav:clamav:0.01:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.02:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.03:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.05:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.8:rc3:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.12:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.13:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.14:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.14:pre:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.15:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.20:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.21:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.22:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.23:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.24:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.51:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.52:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.54:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.60:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.60p:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.65:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.66:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.67:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.68:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.70:rc:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.73:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.74:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.75:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.81:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.81:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.82:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.83:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.84:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.85:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:*:*:*:*:*:*:*:* (Version <= 0.87)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20053501
    V
    		CVE-2005-3501
    2015-11-16
    oval:org.debian:def:887
    V
    		several vulnerabilities
    2005-11-07
    BACK
    clamav clamav 0.01
    clamav clamav 0.02
    clamav clamav 0.03
    clamav clamav 0.3
    clamav clamav 0.05
    clamav clamav 0.8 rc3
    clamav clamav 0.10
    clamav clamav 0.12
    clamav clamav 0.13
    clamav clamav 0.14
    clamav clamav 0.14 pre
    clamav clamav 0.15
    clamav clamav 0.20
    clamav clamav 0.21
    clamav clamav 0.22
    clamav clamav 0.23
    clamav clamav 0.24
    clamav clamav 0.51
    clamav clamav 0.52
    clamav clamav 0.53
    clamav clamav 0.54
    clamav clamav 0.60
    clamav clamav 0.60p
    clamav clamav 0.65
    clamav clamav 0.66
    clamav clamav 0.67
    clamav clamav 0.67-1
    clamav clamav 0.68
    clamav clamav 0.68.1
    clamav clamav 0.70
    clamav clamav 0.70 rc
    clamav clamav 0.71
    clamav clamav 0.72
    clamav clamav 0.73
    clamav clamav 0.74
    clamav clamav 0.75
    clamav clamav 0.75.1
    clamav clamav 0.80
    clamav clamav 0.80 rc
    clamav clamav 0.80 rc1
    clamav clamav 0.80 rc2
    clamav clamav 0.80 rc3
    clamav clamav 0.80 rc4
    clamav clamav 0.80_rc
    clamav clamav 0.81
    clamav clamav 0.81 rc1
    clamav clamav 0.82
    clamav clamav 0.83
    clamav clamav 0.84
    clamav clamav 0.84 rc1
    clamav clamav 0.84 rc2
    clamav clamav 0.85
    clamav clamav 0.85.1
    clamav clamav 0.86
    clamav clamav 0.86 rc1
    clamav clamav 0.86.1
    clamav clamav 0.86.2
    clamav clamav *