CVE-2013-2020

Published: May 13, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Affected (60)

Products: Canonical: Ubuntu Linux · Suse: Linux Enterprise Server · Clamav: Clamav

1 product

1 product

Linux Enterprise Server

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10
Canonical Ubuntu Linux	Version 13.04

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Suse Linux Enterprise Server	Version 11.0 sp1
Suse Linux Enterprise Server	Version 11.0 sp2

Configuration C

53 vulnerable

Vulnerable Software	Affected Versions
Clamav Clamav	Up to 0.97.7
Clamav Clamav	Version 0.90.1
Clamav Clamav	Version 0.90.1_p0
Clamav Clamav	Version 0.90.2
Clamav Clamav	Version 0.90.2_p0
Clamav Clamav	Version 0.90.3
Clamav Clamav	Version 0.90.3_p0
Clamav Clamav	Version 0.90.3_p1
Clamav Clamav	Version 0.90
Clamav Clamav	Version 0.90 rc1.1
Clamav Clamav	Version 0.90 rc1
Clamav Clamav	Version 0.90 rc2
Clamav Clamav	Version 0.90 rc3
Clamav Clamav	Version 0.91.1
Clamav Clamav	Version 0.91.2
Clamav Clamav	Version 0.91.2_p0
Clamav Clamav	Version 0.91
Clamav Clamav	Version 0.91 rc1
Clamav Clamav	Version 0.91 rc2
Clamav Clamav	Version 0.92.1
Clamav Clamav	Version 0.92
Clamav Clamav	Version 0.92_p0
Clamav Clamav	Version 0.93.1
Clamav Clamav	Version 0.93.2
Clamav Clamav	Version 0.93.3
Clamav Clamav	Version 0.93
Clamav Clamav	Version 0.94.1
Clamav Clamav	Version 0.94.2
Clamav Clamav	Version 0.94
Clamav Clamav	Version 0.95.1
Clamav Clamav	Version 0.95.2
Clamav Clamav	Version 0.95.3
Clamav Clamav	Version 0.95
Clamav Clamav	Version 0.95 rc1
Clamav Clamav	Version 0.95 rc2
Clamav Clamav	Version 0.95 src1
Clamav Clamav	Version 0.95 src2
Clamav Clamav	Version 0.96.1
Clamav Clamav	Version 0.96.2
Clamav Clamav	Version 0.96.3
Clamav Clamav	Version 0.96.4
Clamav Clamav	Version 0.96.5
Clamav Clamav	Version 0.96
Clamav Clamav	Version 0.96 rc1
Clamav Clamav	Version 0.96 rc2
Clamav Clamav	Version 0.97.1
Clamav Clamav	Version 0.97.2
Clamav Clamav	Version 0.97.3
Clamav Clamav	Version 0.97.4
Clamav Clamav	Version 0.97.5
Clamav Clamav	Version 0.97
Clamav Clamav	Version 0.97 rc
Clamav Clamav	Version 0.9 rc1

Related CWEs

References (42)

http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html

Source: secalert@redhat.com

Patch

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html

Source: secalert@redhat.com

http://secunia.com/advisories/53150

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/53182

Source: secalert@redhat.com

Vendor Advisory

http://support.apple.com/kb/HT5880

Source: secalert@redhat.com

http://support.apple.com/kb/HT5892

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2013:159

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/04/25/2

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/04/29/20

Source: secalert@redhat.com

http://www.securityfocus.com/bid/59434

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1816-1

Source: secalert@redhat.com

https://bugzilla.clamav.net/show_bug.cgi?id=7055

Source: secalert@redhat.com

https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375

Source: secalert@redhat.com

http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/53150

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/53182

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT5880

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT5892

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2013:159

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/04/25/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/04/29/20

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/59434

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1816-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.clamav.net/show_bug.cgi?id=7055

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92c3f9f39f375

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.