Remote Denial of Service Vulnerability in ClamAV by Cisco
CVE-2015-2221

Currently unrated

Key Information:

Vendor: Clamav
Status: Clamav
Vendor: CVE Published:; 12 May 2015

What is CVE-2015-2221?

ClamAV versions prior to 0.98.7 are susceptible to a remote denial of service vulnerability, enabling attackers to exploit a crafted y0da cryptor file. This exploitation can lead to an infinite loop, disrupting the service and rendering ClamAV incapable of performing its essential functions, potentially impacting the security posture of systems relying on this antivirus engine.

References

http://ubuntu.com/usn/usn-2594-1

vendor-advisoryx_refsource_UBUNTU

https://security.gentoo.org/glsa/201512-08

vendor-advisoryx_refsource_GENTOO

http://blog.clamav.net/2015/04/clamav-0987-has-been-relea...

x_refsource_CONFIRM

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Mar 5, 2015

Clamav

What is CVE-2015-2221?

References

Timeline