Denial of Service Vulnerability in Sophos Anti-Virus for Unix/Linux
CVE-2007-4577

Currently unrated

Key Information:

Vendor: Sophos
Status: Anti-virus; Small Business Suite; Scanning Engine
Vendor: CVE Published:; 28 August 2007

Summary

A vulnerability in Sophos Anti-Virus for Unix/Linux prior to version 2.48.0 allows remote attackers to trigger a denial of service by sending a specially crafted BZip file. This can lead to an infinite loop in the BZip file processing, resulting in the generation of numerous temporary files within the antivirus engine, ultimately disrupting system performance and availability.

References

http://www.vupen.com/english/advisories/2007/2972

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/25428

vdb-entryx_refsource_BID

http://secunia.com/advisories/26580

third-party-advisoryx_refsource_SECUNIA

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 28, 2007
Vulnerability Reserved
Aug 28, 2007