Vulnerability CVE-2009-1371: Information

Description

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

Severity: MEDIUM (5.0)

URL: https://nvd.nist.gov/vuln/detail/CVE-2009-1371

Published: April 23, 2009

Modified: Sept. 16, 2009

Error type identifier: CWE-20

References to Advisories, Solutions, and Tools

Hyperlink	Resource
53602
34446	Patch
USN-756-1
https://launchpad.net/bugs/360502
1022028
34612	Vendor Advisory
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032
ADV-2009-0985	Patch Vendor Advisory
34654	Vendor Advisory
34716
DSA-1771
MDVSA-2009:097
APPLE-SA-2009-09-10-2
http://support.apple.com/kb/HT3865
36701

Affected configurations:
1. Configuration 1
  cpe:2.3:a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.5:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.02:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.92:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.15:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.65:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.7:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.81:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.86:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.01:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.92_p0:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.85:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.84:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.3:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.91.2_p0:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.93.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.93:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.70:rc:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.68.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.03:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.87.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.74:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.93.3:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.71:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.60p:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.94:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.91.2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.80_rc3:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.91_rc2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90.3:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.80_rc2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.91_rc1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.95:src2:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.13:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90_rc1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.10:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.94.2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.95:src1:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90.1_p0:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.12:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.7_p0:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.23:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90.3_p1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.60:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.84_rc2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.83:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.20:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.70:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.4:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90.3_p0:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.24:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90.2_p0:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.81_rc1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.66:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.51:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.52:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.8_:rc3:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.22:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90_rc1.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.84_rc1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.86_rc1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.72:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.75:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.05:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.91:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.54:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.80:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.87:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.21:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.80_rc1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.7_p1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
  End including
  0.95
  cpe:2.3:a:clamav:clamav:0.67-1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90_rc2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.14:pre:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90_rc3:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.91.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.3:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.67:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.92.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.90.2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.68:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.53:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.93.2:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.88.6:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.94.1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.80_rc:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.82:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.9_rc1:*:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:0.73:*:*:*:*:*:*:*

Version: v24.4.2

Vulnerability CVE-2009-1371: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1