Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when the "Enabled scanning of archives" option is set, allow remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Anti-virus | Sophos | 4.04 (including) | 4.04 (including) |
Anti-virus | Sophos | 4.05 (including) | 4.05 (including) |
Anti-virus | Sophos | 4.5.3 (including) | 4.5.3 (including) |
Anti-virus | Sophos | 4.5.4 (including) | 4.5.4 (including) |
Anti-virus | Sophos | 4.5.11 (including) | 4.5.11 (including) |
Anti-virus | Sophos | 4.5.12 (including) | 4.5.12 (including) |
Anti-virus | Sophos | 4.7.1 (including) | 4.7.1 (including) |
Anti-virus | Sophos | 4.7.2 (including) | 4.7.2 (including) |
Anti-virus | Sophos | 5.0.1 (including) | 5.0.1 (including) |
Anti-virus | Sophos | 5.0.2 (including) | 5.0.2 (including) |
Anti-virus | Sophos | 5.0.4 (including) | 5.0.4 (including) |
Anti-virus | Sophos | 5.1 (including) | 5.1 (including) |
Anti-virus | Sophos | 5.2 (including) | 5.2 (including) |
Anti-virus | Sophos | 5.2.1 (including) | 5.2.1 (including) |
Anti-virus | Sophos | 6.0.4 (including) | 6.0.4 (including) |
Endpoint_security | Sophos | * | 6.04 (including) |
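
The infinite loop described above comes from a block walker that advances by head_size + pack_size without checking that the sum moves it forward. The following is an added example, not Sophos code: a walker with a forward-progress check, where the block layout, the function name `rar_walk_blocks`, the return codes and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed RAR 1.5-4.x block layout, little-endian (not stated on the page):
 * HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2) [ADD_SIZE(4) if flags & 0x8000].
 * ADD_SIZE plays the role of pack_size; head_size counts the header itself. */
#define BASE_HDR      7u
#define FLAG_ADD_SIZE 0x8000u

enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_NO_PROGRESS = -2, WALK_TOO_MANY = -3 };

static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8; }
static uint32_t le32(const uint8_t *p) { return le16(p) | le16(p + 2) << 16; }

/* Hypothetical hardened block walker: every iteration must advance `off`. */
int rar_walk_blocks(const uint8_t *buf, size_t len, size_t max_blocks, size_t *count)
{
    size_t off = 0, n = 0;
    while (off < len) {
        if (len - off < BASE_HDR) return WALK_TRUNCATED;
        uint32_t flags = le16(buf + off + 3), head_size = le16(buf + off + 5);
        uint64_t pack_size = 0;
        /* A naive walker does off += head_size + pack_size; with both zero it never moves. */
        if (head_size < BASE_HDR) return WALK_NO_PROGRESS;
        if (flags & FLAG_ADD_SIZE) {
            if (head_size < BASE_HDR + 4 || len - off < BASE_HDR + 4) return WALK_TRUNCATED;
            pack_size = le32(buf + off + BASE_HDR);
        }
        uint64_t step = (uint64_t)head_size + pack_size;
        if (step > len - off) return WALK_TRUNCATED;
        if (++n > max_blocks) return WALK_TOO_MANY;   /* bound total work as well */
        off += (size_t)step;
    }
    *count = n;
    return WALK_OK;
}

/* Constructed samples: marker block followed by a 13-byte archive header (type 0x73). */
const uint8_t sample_ok[20]  = {0x52,0x61,0x72,0x21,0x1A,0x07,0x00,
                                0x00,0x00,0x73,0x00,0x00,0x0D,0x00};
const uint8_t sample_bad[20] = {0x52,0x61,0x72,0x21,0x1A,0x07,0x00,
                                0x00,0x00,0x73,0x00,0x00,0x00,0x00}; /* head_size = 0 */

int main(void)
{
    size_t n = 0;
    int ok = rar_walk_blocks(sample_ok, sizeof sample_ok, 1024, &n);
    int bad = rar_walk_blocks(sample_bad, sizeof sample_bad, 1024, &n);
    return (ok == WALK_OK && bad == WALK_NO_PROGRESS) ? 0 : 1;
}
```

The `max_blocks` cap is a second, independent bound: it limits scan time even when every block does advance the offset.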