CVE-2007-0897

Publication date 16 February 2007

Last updated 24 July 2024

Ubuntu priority

Cvss 3 Severity Score

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
clamav	8.04 LTS hardy	Fixed 0.91.2-3ubuntu1
	7.10 gutsy	Fixed 0.91.2-3ubuntu1
	7.04 feisty	Fixed 0.90.2-0ubuntu1.3
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 0.92.1~dfsg2-1.1~dapper2

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Other references

https://www.cve.org/CVERecord?id=CVE-2007-0897