Executive Summary



This alert is flagged as a Top 25 Common Weakness Enumeration entry from CWE/SANS.
Information
Name: CVE-2013-2020
First vendor publication: 2013-05-13
Vendor: Cve
Last vendor modification: 2015-09-28

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS base score: 5
Attack range: Network
CVSS impact score: 2.9
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28352
 
Oval ID: oval:org.mitre.oval:def:28352
Title: SUSE-SU-2014:1571-1 -- Security update for clamav (important)
Description: clamav was updated to version 0.98.5 to fix five security issues:
* Crash when scanning maliciously crafted yoda's crypter files (CVE-2013-6497).
* Heap-based buffer overflow when scanning crypted PE files (CVE-2014-9050).
* Fix heap corruption (CVE-2013-2020).
* Fix overflow due to PDF key length computation (CVE-2013-2021).
* Crash when using 'clamscan -a'.
Several non-security issues have also been fixed, please refer to the package's change log for details.
Security Issues:
* CVE-2013-6497 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6497>
* CVE-2014-9050 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9050>
* CVE-2013-2021 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021>
* CVE-2013-2020 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1571-1
CVE-2013-6497
CVE-2014-9050
CVE-2013-2021
CVE-2013-2020
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): clamav
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 140
Os 5
Os 2

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-09-19 IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373

Nessus® Vulnerability Scanner

Date Description
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-430.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201405-08.nasl - Type : ACT_GATHER_INFO
2013-09-17 Name : The remote host is missing a security update for OS X Server.
File : macosx_server_2_2_2.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10853.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10953.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Fedora host is missing a security update.
File : fedora_2013-10980.nasl - Type : ACT_GATHER_INFO
2013-06-21 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_clamav-130604.nasl - Type : ACT_GATHER_INFO
2013-06-21 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_clamav-8606.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Fedora host is missing a security update.
File : fedora_2013-8047.nasl - Type : ACT_GATHER_INFO
2013-05-04 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1816-1.nasl - Type : ACT_GATHER_INFO
2013-05-03 Name : The antivirus service running on the remote host is affected by multiple vuln...
File : clamav_0_97_8.nasl - Type : ACT_GATHER_INFO
2013-05-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-159.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
BID http://www.securityfocus.com/bid/59434
CONFIRM http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html
http://support.apple.com/kb/HT5880
http://support.apple.com/kb/HT5892
https://bugzilla.clamav.net/show_bug.cgi?id=7055
https://github.com/vrtadmin/clamav-devel/commit/270e368b99e93aa5447d46c797c92...
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105575.html
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2013:159
MLIST http://www.openwall.com/lists/oss-security/2013/04/25/2
http://www.openwall.com/lists/oss-security/2013/04/29/20
SECUNIA http://secunia.com/advisories/53150
http://secunia.com/advisories/53182
SUSE http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00018.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00020.html
UBUNTU http://www.ubuntu.com/usn/USN-1816-1

Alert History

Date Information
2022-01-22 01:14:07
  • Multiple Updates
2021-05-05 01:12:31
  • Multiple Updates
2021-05-04 12:24:51
  • Multiple Updates
2021-04-22 01:29:45
  • Multiple Updates
2020-05-24 01:11:03
  • Multiple Updates
2020-05-23 00:36:49
  • Multiple Updates
2019-04-11 12:04:50
  • Multiple Updates
2018-09-15 01:04:43
  • Multiple Updates
2016-06-28 19:26:58
  • Multiple Updates
2016-04-26 23:03:55
  • Multiple Updates
2015-09-28 21:23:03
  • Multiple Updates
2014-12-12 09:22:32
  • Multiple Updates
2014-06-14 13:35:19
  • Multiple Updates
2014-05-20 13:23:16
  • Multiple Updates
2014-02-17 11:18:51
  • Multiple Updates
2013-11-25 13:20:47
  • Multiple Updates
2013-11-11 12:40:22
  • Multiple Updates
2013-09-20 13:20:10
  • Multiple Updates
2013-09-18 13:19:49
  • Multiple Updates
2013-08-22 17:19:57
  • Multiple Updates
2013-06-27 13:20:08
  • Multiple Updates
2013-05-16 17:03:18
  • Multiple Updates
2013-05-14 13:18:47
  • First insertion