Off-by-One Error in ClamAV Leading to Denial of Service
CVE-2011-2721

Currently unrated

Key Information:

Vendor: ClamAV

Status
Vendor
CVE Published: 5 August 2011

What is CVE-2011-2721?

An off-by-one error in the cli_hm_scan function in matcher-hash.c of ClamAV can be exploited by remote attackers to trigger a denial of service. A specially crafted email message causes the ClamAV daemon to crash because of improper handling during hash calculations. It is critical for users to ensure they are running a version of ClamAV that is patched against this vulnerability.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
