CVE-2004-0270

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=107634700823822&w=2
http://security.gentoo.org/glsa/glsa-200402-07.xml	Vendor Advisory
http://www.freebsd.org/cgi/query-pr.cgi?pr=62586
http://www.osvdb.org/3894
http://www.securityfocus.com/bid/9610	Exploit Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15077

Configurations

Configuration 1 (hide)

cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-11-23 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2004-0270

Mitre link : CVE-2004-0270

CVE.ORG link : CVE-2004-0270

JSON object : View

Products Affected

clam_anti-virus

clamav

CWE

NVD-CWE-Other

{"id": "CVE-2004-0270", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-11-23T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107634700823822&w=2", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200402-07.xml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=62586", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/3894", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9610", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15077", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program."}, {"lang": "es", "value": "libclamav de Clam AntiVirus 0.65 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un mensaje de correo electr\u00f3nico con codificaci\u00f3n uu con una longitud de l\u00ednea inv\u00e1lida (por ejemplo, un car\u00e1cter en min\u00fasculas), lo que causa un error de aserc\u00ed\u00f3n en clamd que termina al programa llamante."}], "lastModified": "2017-10-10T01:30:19.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}