CVE-2005-3500

The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.

Published: Nov 5, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3500
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
clam_anti-virus / clamav	0.24	0.24.x
clam_anti-virus / clamav	0.20	0.20.x
clam_anti-virus / clamav	0.84	0.84.x
clam_anti-virus / clamav	0.80	0.80.x
clam_anti-virus / clamav	0.15	0.15.x
clam_anti-virus / clamav	0.65	0.65.x
clam_anti-virus / clamav	0.75	0.75.x
clam_anti-virus / clamav	0.68	0.68.x
clam_anti-virus / clamav	0.71	0.71.x
clam_anti-virus / clamav	0.86.1	0.86.1.x
clam_anti-virus / clamav	0.82	0.82.x
clam_anti-virus / clamav	0.73	0.73.x
clam_anti-virus / clamav	0.72	0.72.x
clam_anti-virus / clamav	0.85.1	0.85.1.x
clam_anti-virus / clamav	0.87	0.87.x
clam_anti-virus / clamav	0.85	0.85.x
clam_anti-virus / clamav	0.74	0.74.x
clam_anti-virus / clamav	0.75.1	0.75.1.x
clam_anti-virus / clamav	0.86.2	0.86.2.x
clam_anti-virus / clamav	0.67	0.67.x
clam_anti-virus / clamav	0.81	0.81.x
clam_anti-virus / clamav	0.21	0.21.x
clam_anti-virus / clamav	0.54	0.54.x
clam_anti-virus / clamav	0.53	0.53.x
clam_anti-virus / clamav	0.70	0.70.x
clam_anti-virus / clamav	0.60	0.60.x
clam_anti-virus / clamav	0.86	0.86.x
clam_anti-virus / clamav	0.83	0.83.x
clam_anti-virus / clamav	0.68.1	0.68.1.x
clam_anti-virus / clamav	0.51	0.51.x
clam_anti-virus / clamav	0.23	0.23.x
clam_anti-virus / clamav	0.52	0.52.x
clam_anti-virus / clamav	0.22	0.22.x

Vulnerability Database

289,697

CVE-2005-3500