CVE-2008-6903

Severity CVSS v4.0:

Pending analysis

Type:

CWE-399 Resource Management Errors

Publication date:

06/08/2009

Last modified:

09/04/2025

Description

Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows NT/9x before 4.7.18, Anti-Virus for OS X before 4.9.18, Anti-Virus for Linux before 6.4.5, Anti-Virus for UNIX before 7.0.5, Anti-Virus for Unix and Netware before 4.37.0, Sophos EM Library, and Sophos small business solutions, when CAB archive scanning is enabled, allows remote attackers to cause a denial of service (segmentation fault) via a "fuzzed" CAB archive file, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:N/I:N/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.30 MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): None
Integrity (I): None
Availability (A): Physical

Base Score 2.0

4.30

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:sophos:anti-virus:4.7.18::windows-nt:::::
cpe:2.3:a:sophos:anti-virus:4.7.18::windows_9x:::::
cpe:2.3:a:sophos:anti-virus:4.9.18::os_x:::::
cpe:2.3:a:sophos:anti-virus:4.37.0::netware:::::
cpe:2.3:a:sophos:anti-virus:6.4.5::linux:::::
cpe:2.3:a:sophos:anti-virus:7.0.5::unix:::::
cpe:2.3:a:sophos:anti-virus7.6.3::windows::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:sophos:anti-virus:4.7.18::windows-nt:::::
cpe:2.3:a:sophos:anti-virus:4.7.18::windows_9x:::::
cpe:2.3:a:sophos:anti-virus:4.9.18::os_x:::::
cpe:2.3:a:sophos:anti-virus:4.37.0::netware:::::
cpe:2.3:a:sophos:anti-virus:6.4.5::linux:::::
cpe:2.3:a:sophos:anti-virus:7.0.5::unix:::::
cpe:2.3:a:sophos:anti-virus7.6.3::windows::::::*

CVE-2008-6903

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools