published date: July 5, 2005

CVE-2005-1923 : Denial of Service Vulnerability

Description

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.

Product(s):

Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.84 RC1
Clam Anti-Virus ClamAV 0.84 RC2
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85

CVSS:2.6 [Critical]
EPSS:0.66%
Exploitability:4.9
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2005-1923, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2005-1923 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2005-1923

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales