ClamAV < 0.93.1 memcpy() Function Overflow (deprecated)

Medium Nessus Network Monitor Plugin ID 4547

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a ClamAV client.

This version of ClamAV is vulnerable to a flaw within the 'memcpy()' function. An attacker exploiting this flaw could crash the ClamAV server or possibly execute code.

Solution

Upgrade to ClamAV version 0.93.1 or higher.

See Also

http://www.clamav.org/2008/06/09/clamav-0931

Plugin Details

Severity: Medium

ID: 4547

File Name: 4547.prm

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/21

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2713

BID: 29750