CVE-2010-1311

Executive Summary

Informations
Name	CVE-2010-1311	First vendor Publication	2010-04-08
Vendor	Cve	Last vendor Modification	2010-08-31

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311

CWE : Common Weakness Enumeration

id	Name
CWE-20	Improper Input Validation

CPE : Common Platform Enumeration

Type	Description	Count
Application	Clamav Clamav cpe:/a:clamav:clamav:0.96:rc2 cpe:/a:clamav:clamav:0.96:rc1 cpe:/a:clamav:clamav:0.95.3 cpe:/a:clamav:clamav:0.95.2 cpe:/a:clamav:clamav:0.95.1 cpe:/a:clamav:clamav:0.95 cpe:/a:clamav:clamav:0.95:rc2 cpe:/a:clamav:clamav:0.95:rc1 cpe:/a:clamav:clamav:0.94.2 cpe:/a:clamav:clamav:0.94.1 cpe:/a:clamav:clamav:0.94 cpe:/a:clamav:clamav:0.93.3 cpe:/a:clamav:clamav:0.93.2 cpe:/a:clamav:clamav:0.93.1 cpe:/a:clamav:clamav:0.93 cpe:/a:clamav:clamav:0.92.1 cpe:/a:clamav:clamav:0.92 cpe:/a:clamav:clamav:0.91.2 cpe:/a:clamav:clamav:0.91.1 cpe:/a:clamav:clamav:0.91 cpe:/a:clamav:clamav:0.91:rc1 cpe:/a:clamav:clamav:0.91:rc2 cpe:/a:clamav:clamav:0.90.3 cpe:/a:clamav:clamav:0.90.2 cpe:/a:clamav:clamav:0.90.1 cpe:/a:clamav:clamav:0.90 cpe:/a:clamav:clamav:0.90:rc1.1 cpe:/a:clamav:clamav:0.90:rc3 cpe:/a:clamav:clamav:0.90:rc1 cpe:/a:clamav:clamav:0.90:rc2 cpe:/a:clamav:clamav:0.9:rc1 cpe:/a:clamav:clamav:0.88.7 cpe:/a:clamav:clamav:0.88.6 cpe:/a:clamav:clamav:0.88.5 cpe:/a:clamav:clamav:0.88.4 cpe:/a:clamav:clamav:0.88.3 cpe:/a:clamav:clamav:0.88.2 cpe:/a:clamav:clamav:0.88.1 cpe:/a:clamav:clamav:0.88 cpe:/a:clamav:clamav:0.87.1 cpe:/a:clamav:clamav:0.87 cpe:/a:clamav:clamav:0.86.2 cpe:/a:clamav:clamav:0.86.1 cpe:/a:clamav:clamav:0.86:rc1 cpe:/a:clamav:clamav:0.86 cpe:/a:clamav:clamav:0.85.1 cpe:/a:clamav:clamav:0.85 cpe:/a:clamav:clamav:0.84 cpe:/a:clamav:clamav:0.84:rc1 cpe:/a:clamav:clamav:0.84:rc2 cpe:/a:clamav:clamav:0.83 cpe:/a:clamav:clamav:0.82 cpe:/a:clamav:clamav:0.81 cpe:/a:clamav:clamav:0.80:rc cpe:/a:clamav:clamav:0.80:rc4 cpe:/a:clamav:clamav:0.80:rc3 cpe:/a:clamav:clamav:0.80 cpe:/a:clamav:clamav:0.80:rc2 cpe:/a:clamav:clamav:0.75.1 cpe:/a:clamav:clamav:0.75 cpe:/a:clamav:clamav:0.74 cpe:/a:clamav:clamav:0.73 cpe:/a:clamav:clamav:0.72 cpe:/a:clamav:clamav:0.71 cpe:/a:clamav:clamav:0.70:rc cpe:/a:clamav:clamav:0.70 cpe:/a:clamav:clamav:0.68.1 cpe:/a:clamav:clamav:0.68 cpe:/a:clamav:clamav:0.67-1 cpe:/a:clamav:clamav:0.67 cpe:/a:clamav:clamav:0.66 cpe:/a:clamav:clamav:0.65 cpe:/a:clamav:clamav:0.60p cpe:/a:clamav:clamav:0.60 cpe:/a:clamav:clamav:0.54 cpe:/a:clamav:clamav:0.53 cpe:/a:clamav:clamav:0.52 cpe:/a:clamav:clamav:0.51 cpe:/a:clamav:clamav:0.3 cpe:/a:clamav:clamav:0.24 cpe:/a:clamav:clamav:0.23 cpe:/a:clamav:clamav:0.22 cpe:/a:clamav:clamav:0.21 cpe:/a:clamav:clamav:0.20 cpe:/a:clamav:clamav:0.15 cpe:/a:clamav:clamav:0.14:pre cpe:/a:clamav:clamav:0.14 cpe:/a:clamav:clamav:0.13 cpe:/a:clamav:clamav:0.12 cpe:/a:clamav:clamav:0.10 cpe:/a:clamav:clamav:0.05 cpe:/a:clamav:clamav:0.03 cpe:/a:clamav:clamav:0.02 cpe:/a:clamav:clamav:0.01	94
Application	Clamavs Clamav cpe:/a:clamavs:clamav:0.06 cpe:/a:clamavs:clamav:0.04	2

Open Source Vulnerability Database (OSVDB)

id	Description
63818	ClamAV libclamav/mspack.c qtm_decompress Function Crafted CAB Archive DoS

Internal Sources (Detail)

Source	Url
APPLE	http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
BID	http://www.securityfocus.com/bid/39262
CONFIRM	http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=c... http://support.apple.com/kb/HT4312 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2010:082
SECUNIA	http://secunia.com/advisories/39293 http://secunia.com/advisories/39329 http://secunia.com/advisories/39656
SUSE	http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html
UBUNTU	http://www.ubuntu.com/usn/USN-926-1
VUPEN	http://www.vupen.com/english/advisories/2010/0827 http://www.vupen.com/english/advisories/2010/0832 http://www.vupen.com/english/advisories/2010/0909 http://www.vupen.com/english/advisories/2010/1001 http://www.vupen.com/english/advisories/2010/1206

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-10 23:22:03	Multiple Updates

Type	Count
CPE ID(s)	96
osvdb(s)	1

Related	Severity
USN-926-1	(Critical)
MDVSA-2010:082-1	(Critical)
MDVSA-2010:082	(Critical)
GLSA-201009-06	(Critical)

Same Subject	Severity
Login to view 3 more Alert(s)

CVE-2010-1311

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Internal Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU