CVE-2011-3627

Publication date 24 October 2011

Last updated 24 July 2024

Ubuntu priority

The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
clamav	11.10 oneiric	Fixed 0.97.3+dfsg-1ubuntu0.11.10.1
	11.04 natty	Fixed 0.97.3+dfsg-1ubuntu0.11.04.1
	10.10 maverick	Fixed 0.96.5+dfsg-1ubuntu1.10.10.3
	10.04 LTS lucid	Fixed 0.96.5+dfsg-1ubuntu1.10.04.3
	8.04 LTS hardy	Not affected

Notes

jdstrand

http://lurker.clamav.net/message/20111007.133346.a1f67e1c.en.html has PoC

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
clamav	Upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=3d664817f6ef833a17414a4ecea42004c35cc42f

CVE-2011-3627

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references