oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: heap buffer overflow in ClamAV

From: cve-assign () mitre org
Date: Sat, 22 Nov 2014 00:45:34 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


https://bugzilla.clamav.net/show_bug.cgi?id=11155


This is apparently not a public bug report at the moment.


https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e


It seems possible that this fixed other issues apart from the y0da
Crypter heap-based buffer overflow.


A heap buffer overflow was reported in ClamAV when scanning a
specially crafted y0da Crypter obfuscated PE file.


Use CVE-2014-9050 only for this specific buffer overflow. If any other
vulnerability was fixed in fc3794a54d2affe5770c1f876484a871c783e91e, it
would have a different CVE ID.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUcCKOAAoJEKllVAevmvms5ZwIAL1Azwt2oleqjIProgVYER41
22eCopXXb77Pk+3mk5BQtf/B6VumKxLtWJVB6AeQW+AwHOXOmRRdDpC6UoqJtvHZ
UaPy0v5vRSoyWLverIiajD+wvRZb2ukj08dZq7AzNusnQUfhFl/BML0LrUYwZIT7
Qe/+RFnmpqbPiZ+rsXyMGH25agXX0Lj4gfU0dKwc/Gkqin7+3ukXfOFLxQVjWzUR
8yBojJav/hHEcblGHMvxU4YUSFP6GdZGRKzrK9Qb3iDhR2r8HuKKfI2AUqeqyWG4
gjZKBSNtHwNtgoC4J7Q6chtil8tuwRFBqE3xtMIuo0QG5BO9dxRwYK2TvIt0a0U=
=jlDq
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: