CVE-2008-0308

Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Published: Feb 28, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0308
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
symantec / symantec_antivirus_filtering_domino_mpe	-	3.0.12.x
symantec / symantec_antivirus_ms_isa	-	4.3.16.39.x
symantec / symantec_antivirus_scan_engine	-	4.3.16.39.x
symantec / symantec_antivirus_messaging	-	4.3.16.39.x
symantec / scan_engine	-	5.1.4.24.x
symantec / symantec_antivirus_microsoft_sharepoint	-	4.3.16.39.x
symantec / symantec_mail_security_exchange	-	4.6.5.12.x
symantec / symantec_mail_security_exchange	-	5.0.4.363.x
symantec / symantec_antivirus_clearswift	-	4.3.16.39.x
symantec / symantec_antivirus_scan_engine_caching	-	4.3.16.39.x
symantec / symantec_antivirus_network_attached_storage	-	4.3.16.39.x

Vulnerability Database

289,697

CVE-2008-0308