ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Clamavs
  • Clamav
Clamav
  • Clamav

Configuration 1 [-]

OR cpe:2.3:a:clamav:clamav:*:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.14:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.91:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.91:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.95:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.95:rc2:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.95.1:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.95.2:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.95.3:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.96:rc1:*:*:*:*:*:*
cpe:2.3:a:clamavs:clamav:0.04:*:*:*:*:*:*:*
cpe:2.3:a:clamavs:clamav:0.06:*:*:*:*:*:*:*
References
Link Resource
http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
http://secunia.com/advisories/39293
http://secunia.com/advisories/39329 Vendor Advisory
http://secunia.com/advisories/39656
http://support.apple.com/kb/HT4312
http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
http://www.openwall.com/lists/oss-security/2010/04/06/4
http://www.openwall.com/lists/oss-security/2010/04/08/3
http://www.securityfocus.com/bid/39262 Patch
http://www.ubuntu.com/usn/USN-926-1
http://www.vupen.com/english/advisories/2010/0827
http://www.vupen.com/english/advisories/2010/0832
http://www.vupen.com/english/advisories/2010/0909
http://www.vupen.com/english/advisories/2010/1001
http://www.vupen.com/english/advisories/2010/1206
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1826
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2010-04-08T17:00:00

Updated: 2010-04-28T09:00:00

Reserved: 2009-12-30T00:00:00

Link: CVE-2010-0098

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2010-04-08T17:30:00.313

Modified: 2023-11-07T02:04:59.620

Link: CVE-2010-0098

JSON object: View

cve-icon Redhat Information

No data.

CWE