Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
Threat-Mapped Scoring
Score: 1.5
Priority: P4 - Informational (Low)
S10 – Denial of Service
EPSS
Score: 0.05072
Percentile: 0.89335
CVSS Scoring
CVSS v3.1 Score: 7.5
Severity: HIGH
Mapped CWE(s)
CWE-772: Missing Release of Resource after Effective Lifetime