Date: Fri, 21 Nov 2014 11:04:10 +0000
From: Damien Millescamps <Damien.Millescamps@...ida.fr>
To: "'oss-security@...ts.openwall.com'" <oss-security@...ts.openwall.com>
Subject: CVE request: heap buffer overflow in ClamAV

Hi,

A heap buffer overflow was reported in [1] in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file.
Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.

Upstream fix is available here: [2].
ClamAV 0.98.5 contains the above fix.

Additional references:
[1] https://bugzilla.clamav.net/show_bug.cgi?id=11155
[2] https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e

Can a CVE be assigned to this, please?

Thanks,
--
Damien Millescamps | Oppida
