oss-sec mailing list archives
Re: CVE request: heap buffer overflow in ClamAV
From: cve-assign () mitre org
Date: Sat, 22 Nov 2014 00:45:34 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://bugzilla.clamav.net/show_bug.cgi?id=11155
This is apparently not a public bug report at the moment.
https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e
It seems possible that this fixed other issues apart from the y0da Crypter heap-based buffer overflow.
A heap buffer overflow was reported in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file.
Use CVE-2014-9050 only for this specific buffer overflow. If any other vulnerability was fixed in fc3794a54d2affe5770c1f876484a871c783e91e, it would have a different CVE ID. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUcCKOAAoJEKllVAevmvms5ZwIAL1Azwt2oleqjIProgVYER41 22eCopXXb77Pk+3mk5BQtf/B6VumKxLtWJVB6AeQW+AwHOXOmRRdDpC6UoqJtvHZ UaPy0v5vRSoyWLverIiajD+wvRZb2ukj08dZq7AzNusnQUfhFl/BML0LrUYwZIT7 Qe/+RFnmpqbPiZ+rsXyMGH25agXX0Lj4gfU0dKwc/Gkqin7+3ukXfOFLxQVjWzUR 8yBojJav/hHEcblGHMvxU4YUSFP6GdZGRKzrK9Qb3iDhR2r8HuKKfI2AUqeqyWG4 gjZKBSNtHwNtgoC4J7Q6chtil8tuwRFBqE3xtMIuo0QG5BO9dxRwYK2TvIt0a0U= =jlDq -----END PGP SIGNATURE-----
Current thread:
- CVE request: heap buffer overflow in ClamAV Damien Millescamps (Nov 21)
- Re: CVE request: heap buffer overflow in ClamAV cve-assign (Nov 21)