Vulnerability Name:

CVE-2008-1837 (CCN-41870)

Assigned:2008-04-14
Published:2008-04-14
Updated:2017-08-08
Summary:libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-1837

Source: APPLE
Type: UNKNOWN
APPLE-SA-2008-09-15

Source: SUSE
Type: UNKNOWN
SUSE-SA:2008:024

Source: SECUNIA
Type: UNKNOWN
29891

Source: SECUNIA
Type: UNKNOWN
30328

Source: CCN
Type: SA31576
Astaro update for ClamAV

Source: SECUNIA
Type: UNKNOWN
31576

Source: CCN
Type: SA31882
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
31882

Source: GENTOO
Type: UNKNOWN
GLSA-200805-19

Source: CCN
Type: Apple Web site
About the security content of Mac OS X v10.5.5 and Security Update 2008-006

Source: CCN
Type: Astaro Web site
Up2Date Announcements: Up2Date ASG V7.300 GA Release

Source: CONFIRM
Type: UNKNOWN
http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html

Source: CCN
Type: Clam AntiVirus Web site
Clam AntiVirus

Source: CCN
Type: GLSA-200805-19
ClamAV: Multiple vulnerabilities

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:088

Source: CCN
Type: OSVDB ID: 44524
ClamAV libclamunrar Crafted RAR File Handling Remote DoS

Source: BID
Type: UNKNOWN
28784

Source: CCN
Type: BID-28784
ClamAV 0.92.1 Multiple Vulnerabilities

Source: CERT
Type: US Government Resource
TA08-260A

Source: VUPEN
Type: UNKNOWN
ADV-2008-1227

Source: VUPEN
Type: UNKNOWN
ADV-2008-2584

Source: XF
Type: UNKNOWN
clamav-libclamunrar-dos(41870)

Source: XF
Type: UNKNOWN
clamav-libclamunrar-dos(41870)

Source: SUSE
Type: SUSE-SA:2008:024
clamav 0.93 security update

Source: CCN
Type: ClamAV Bugzilla Bug 898
RAR crashes on some fuzzed files from CERT-FI

Source: CONFIRM
Type: UNKNOWN
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91rc1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91rc2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:*:*:*:*:*:*:*:* (Version <= 0.92.1)

    • Configuration CCN 1:
  • cpe:/a:clamav:clamav:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90:rc2:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90:rc3:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.91:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20081837
    V
    		CVE-2008-1837
    2015-11-16
    BACK
    clam_anti-virus clamav 0.15
    clam_anti-virus clamav 0.20
    clam_anti-virus clamav 0.21
    clam_anti-virus clamav 0.22
    clam_anti-virus clamav 0.23
    clam_anti-virus clamav 0.24
    clam_anti-virus clamav 0.51
    clam_anti-virus clamav 0.52
    clam_anti-virus clamav 0.53
    clam_anti-virus clamav 0.54
    clam_anti-virus clamav 0.60
    clam_anti-virus clamav 0.60p
    clam_anti-virus clamav 0.65
    clam_anti-virus clamav 0.67
    clam_anti-virus clamav 0.68
    clam_anti-virus clamav 0.68.1
    clam_anti-virus clamav 0.70
    clam_anti-virus clamav 0.71
    clam_anti-virus clamav 0.72
    clam_anti-virus clamav 0.73
    clam_anti-virus clamav 0.74
    clam_anti-virus clamav 0.75
    clam_anti-virus clamav 0.75.1
    clam_anti-virus clamav 0.80
    clam_anti-virus clamav 0.80_rc1
    clam_anti-virus clamav 0.80_rc2
    clam_anti-virus clamav 0.80_rc3
    clam_anti-virus clamav 0.80_rc4
    clam_anti-virus clamav 0.81
    clam_anti-virus clamav 0.81_rc1
    clam_anti-virus clamav 0.82
    clam_anti-virus clamav 0.83
    clam_anti-virus clamav 0.84
    clam_anti-virus clamav 0.84_rc1
    clam_anti-virus clamav 0.84_rc2
    clam_anti-virus clamav 0.85
    clam_anti-virus clamav 0.85.1
    clam_anti-virus clamav 0.86
    clam_anti-virus clamav 0.86.1
    clam_anti-virus clamav 0.86.2
    clam_anti-virus clamav 0.86_rc1
    clam_anti-virus clamav 0.87
    clam_anti-virus clamav 0.87.1
    clam_anti-virus clamav 0.88
    clam_anti-virus clamav 0.88.1
    clam_anti-virus clamav 0.88.3
    clam_anti-virus clamav 0.88.4
    clam_anti-virus clamav 0.88.5
    clam_anti-virus clamav 0.88.6
    clam_anti-virus clamav 0.88.7
    clam_anti-virus clamav 0.90
    clam_anti-virus clamav 0.90.1
    clam_anti-virus clamav 0.90.2
    clam_anti-virus clamav 0.90_rc1.1
    clam_anti-virus clamav 0.90_rc2
    clam_anti-virus clamav 0.90_rc3
    clam_anti-virus clamav 0.90rc1
    clam_anti-virus clamav 0.91
    clam_anti-virus clamav 0.91.1
    clam_anti-virus clamav 0.91.2
    clam_anti-virus clamav 0.91rc1
    clam_anti-virus clamav 0.91rc2
    clam_anti-virus clamav 0.92
    clam_anti-virus clamav *
    clamav clamav 0.92
    clamav clamav 0.90
    clamav clamav 0.90 rc1.1
    clamav clamav 0.90 rc2
    clamav clamav 0.90 rc3
    clamav clamav 0.90.1
    clamav clamav 0.90 rc1
    clamav clamav 0.91
    gentoo linux *
    mandrakesoft mandrake linux corporate server 3.0
    novell open enterprise server *
    novell suse linux enterprise server 10 sp2
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2007.1
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2007.1
    apple mac os x server 10.5
    apple mac os x server 10.4.11
    apple mac os x server 10.5.1
    apple mac os x server 10.5.2
    novell open enterprise server *
    novell opensuse 10.2
    novell opensuse 10.3
    mandrakesoft mandrake linux 2008.1
    apple mac os x server 10.5.3
    apple mac os x server 10.5.4