CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name	Vendor	Start Version	End Version
Clamav	Clamav	*	0.88 (including)
Clamav	Clamav	0.01 (including)	0.01 (including)
Clamav	Clamav	0.02 (including)	0.02 (including)
Clamav	Clamav	0.3 (including)	0.3 (including)
Clamav	Clamav	0.03 (including)	0.03 (including)
Clamav	Clamav	0.05 (including)	0.05 (including)
Clamav	Clamav	0.8-rc3 (including)	0.8-rc3 (including)
Clamav	Clamav	0.10 (including)	0.10 (including)
Clamav	Clamav	0.12 (including)	0.12 (including)
Clamav	Clamav	0.13 (including)	0.13 (including)
Clamav	Clamav	0.14 (including)	0.14 (including)
Clamav	Clamav	0.14-pre (including)	0.14-pre (including)
Clamav	Clamav	0.15 (including)	0.15 (including)
Clamav	Clamav	0.20 (including)	0.20 (including)
Clamav	Clamav	0.21 (including)	0.21 (including)
Clamav	Clamav	0.22 (including)	0.22 (including)
Clamav	Clamav	0.23 (including)	0.23 (including)
Clamav	Clamav	0.24 (including)	0.24 (including)
Clamav	Clamav	0.51 (including)	0.51 (including)
Clamav	Clamav	0.52 (including)	0.52 (including)
Clamav	Clamav	0.53 (including)	0.53 (including)
Clamav	Clamav	0.54 (including)	0.54 (including)
Clamav	Clamav	0.60 (including)	0.60 (including)
Clamav	Clamav	0.60p (including)	0.60p (including)
Clamav	Clamav	0.65 (including)	0.65 (including)
Clamav	Clamav	0.66 (including)	0.66 (including)
Clamav	Clamav	0.67 (including)	0.67 (including)
Clamav	Clamav	0.67-1 (including)	0.67-1 (including)
Clamav	Clamav	0.68 (including)	0.68 (including)
Clamav	Clamav	0.68.1 (including)	0.68.1 (including)
Clamav	Clamav	0.70 (including)	0.70 (including)
Clamav	Clamav	0.70-rc (including)	0.70-rc (including)
Clamav	Clamav	0.71 (including)	0.71 (including)
Clamav	Clamav	0.72 (including)	0.72 (including)
Clamav	Clamav	0.73 (including)	0.73 (including)
Clamav	Clamav	0.74 (including)	0.74 (including)
Clamav	Clamav	0.75 (including)	0.75 (including)
Clamav	Clamav	0.75.1 (including)	0.75.1 (including)
Clamav	Clamav	0.80 (including)	0.80 (including)
Clamav	Clamav	0.80-rc (including)	0.80-rc (including)
Clamav	Clamav	0.80-rc1 (including)	0.80-rc1 (including)
Clamav	Clamav	0.80-rc2 (including)	0.80-rc2 (including)
Clamav	Clamav	0.80-rc3 (including)	0.80-rc3 (including)
Clamav	Clamav	0.80-rc4 (including)	0.80-rc4 (including)
Clamav	Clamav	0.81 (including)	0.81 (including)
Clamav	Clamav	0.81-rc1 (including)	0.81-rc1 (including)
Clamav	Clamav	0.82 (including)	0.82 (including)
Clamav	Clamav	0.83 (including)	0.83 (including)
Clamav	Clamav	0.84 (including)	0.84 (including)
Clamav	Clamav	0.84-rc1 (including)	0.84-rc1 (including)
Clamav	Clamav	0.84-rc2 (including)	0.84-rc2 (including)
Clamav	Clamav	0.85 (including)	0.85 (including)
Clamav	Clamav	0.85.1 (including)	0.85.1 (including)
Clamav	Clamav	0.86 (including)	0.86 (including)
Clamav	Clamav	0.86-rc1 (including)	0.86-rc1 (including)
Clamav	Clamav	0.86.1 (including)	0.86.1 (including)
Clamav	Clamav	0.86.2 (including)	0.86.2 (including)
Clamav	Clamav	0.87 (including)	0.87 (including)
Clamav	Clamav	0.87.1 (including)	0.87.1 (including)
Clamav	Ubuntu	dapper	*
Clamav	Ubuntu	devel	*
Clamav	Ubuntu	edgy	*
Clamav	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1615
CWE	https://cwe.mitre.org/data/definitions/134.html

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

References

CVE-2006-1615

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References