CVE-2006-4018

Description

Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

Risk Information

Base Score: 7.8 (MODERATE)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 44.627

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Clamav 0.81 | Windows
Multiple Vulnerabilities are affected in Clamav 0.82 | Windows
Multiple Vulnerabilities are affected in Clamav 0.83 | Windows
Multiple Vulnerabilities are affected in Clamav 0.84 | Windows
Multiple Vulnerabilities are affected in Clamav 0.85 | Windows
Multiple Vulnerabilities are affected in Clamav 0.85.1 | Windows
Multiple Vulnerabilities are affected in Clamav 0.86 | Windows
Multiple Vulnerabilities are affected in Clamav 0.86.1 | Windows
Multiple Vulnerabilities are affected in Clamav 0.86.2 | Windows
Multiple Vulnerabilities are affected in Clamav 0.87 | Windows
Multiple Vulnerabilities are affected in Clamav 0.87.1 | Windows
Multiple Vulnerabilities are affected in Clamav 0.88 | Windows
Multiple Vulnerabilities are affected in Clamav 0.88.1 | Windows
Multiple Vulnerabilities are affected in Clamav 0.88.2 | Windows
Multiple Vulnerabilities are affected in Clamav 0.88.3 | Windows

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-341177 | ClamAV (0.103.12)
