CVE-2009-1270

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Clamav	Clamav	*	0.95 (excluding)
Clamav	Ubuntu	dapper	*
Clamav	Ubuntu	devel	*
Clamav	Ubuntu	gutsy	*
Clamav	Ubuntu	hardy	*
Clamav	Ubuntu	intrepid	*
Clamav	Ubuntu	jaunty	*
Clamav	Ubuntu	upstream	*

References

http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://osvdb.org/53461
http://secunia.com/advisories/34716
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://www.debian.org/security/2009/dsa-1771
http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
http://www.openwall.com/lists/oss-security/2009/04/07/6
http://www.securityfocus.com/bid/34357
http://www.ubuntu.com/usn/usn-754-1
http://www.vupen.com/english/advisories/2009/0934
https://exchange.xforce.ibmcloud.com/vulnerabilities/49846
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://osvdb.org/53461
http://secunia.com/advisories/34716
http://secunia.com/advisories/36701
http://support.apple.com/kb/HT3865
http://www.debian.org/security/2009/dsa-1771
http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
http://www.openwall.com/lists/oss-security/2009/04/07/6
http://www.securityfocus.com/bid/34357
http://www.ubuntu.com/usn/usn-754-1
http://www.vupen.com/english/advisories/2009/0934
https://exchange.xforce.ibmcloud.com/vulnerabilities/49846
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1270
CWE	https://cwe.mitre.org/data/definitions/835.html

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References