Vulnerabilidad en ClamAV (CVE-2013-2020)
Gravedad CVSS v2.0:
MEDIA
Tipo:
CWE-189
Errores numéricos
Fecha de publicación:
13/05/2013
Última modificación:
11/04/2025
Descripción
Desbordamiento de entero en la función cli_scanpe en pe.c en ClamAV anterior a v0.97.8 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un desplazamiento mayor que el tamaño de las secciones PE en un paquete ejecutable UPX, que dispara un error de salida de rango en la lectura.
Impacto
Puntuación base 2.0
5.00
Gravedad 2.0
MEDIA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:linux_enterprise_server:11.0:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:suse:linux_enterprise_server:11.0:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | 0.97.7 (incluyendo) | |
| cpe:2.3:a:clamav:clamav:0.9:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:clamav:clamav:0.90:*:*:*:*:*:*:* | ||
| cpe:2.3:a:clamav:clamav:0.90:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:clamav:clamav:0.90:rc1.1:*:*:*:*:*:* | ||
| cpe:2.3:a:clamav:clamav:0.90:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:clamav:clamav:0.90:rc3:*:*:*:*:*:* | ||
| cpe:2.3:a:clamav:clamav:0.90.1:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
- http://secunia.com/advisories/53150
- http://secunia.com/advisories/53182
- http://support.apple.com/kb/HT5880
- http://support.apple.com/kb/HT5892
- http://www.mandriva.com/security/advisories?name=MDVSA-2013%3A159
- http://www.openwall.com/lists/oss-security/2013/04/25/2
- http://www.openwall.com/lists/oss-security/2013/04/29/20
- http://www.securityfocus.com/bid/59434
- http://www.ubuntu.com/usn/USN-1816-1
- https://bugzilla.clamav.net/show_bug.cgi?id=7055
- https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375
- http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
- http://secunia.com/advisories/53150
- http://secunia.com/advisories/53182
- http://support.apple.com/kb/HT5880
- http://support.apple.com/kb/HT5892
- http://www.mandriva.com/security/advisories?name=MDVSA-2013%3A159
- http://www.openwall.com/lists/oss-security/2013/04/25/2
- http://www.openwall.com/lists/oss-security/2013/04/29/20
- http://www.securityfocus.com/bid/59434
- http://www.ubuntu.com/usn/USN-1816-1
- https://bugzilla.clamav.net/show_bug.cgi?id=7055
- https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375