ClamAV < 0.93.1 memcpy() Function Overflow (deprecated)

medium Nessus Network Monitor Plugin ID 4547

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a ClamAV client.

This version of ClamAV is vulnerable to a flaw within the 'memcpy()' function. An attacker exploiting this flaw could crash the ClamAV server or possibly execute code.

Solution

Upgrade to ClamAV version 0.93.1 or higher.

See Also

http://www.clamav.org/2008/06/09/clamav-0931

Plugin Details

Severity: Medium

ID: 4547

Family: Web Clients

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Reference Information

CVE: CVE-2008-2713

BID: 29750