製品・ソフトウェアに関する情報

JVN脆弱性詳細

ClamAV における整数オーバーフローの脆弱性

Title	ClamAV における整数オーバーフローの脆弱性
Summary	ClamAV には、整数オーバーフローの脆弱性が存在します。
Possible impacts	第三者により、巧妙に細工された Portable Executable (PE) ファイルを介して、必要量より少ないメモリ割り当てが発生した際、ヒープベースのバッファオーバーフローを誘発され、サービス運用妨害 (スキャンサービスクラッシュ) 状態にされる、および任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 16, 2006, midnight
Registration Date	June 26, 2012, 3:37 p.m.
Last Update	June 26, 2012, 3:37 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

ClamAV

ClamAV 0.88.1、0.88.4、および 0.88.5 未満のその他のバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-4182	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
National Vulnerability Database (NVD)
2	CVE-2006-4182	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4182

ベンダー情報

No	Name	URL
ClamAV
1	Top Page	http://www.clamav.net/lang/en/

その他

No	Name	URL
US-CERT Technical Cyber Security Alert
1	TA06-333A	http://www.us-cert.gov/cas/techalerts/TA06-333A.html
US-CERT Vulnerability Note
2	http://www.kb.cert.org/vuls/id/180864	VU#180864

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-4182

Summary	Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
Summary	Desbordamiento de entero en ClamAV 0.88.1 y 0.88.4, y otras versiones anteriores a 0.88.5, permite a atacantes remotos provocar una denegación de servicio (caída del servicio de escaneo) y ejecutar código de su elección mediante un Ejecutable Portátil (Portable Executable, PE) creado artesanalmente, que provoca un desbordamiento de búfer basado en montón cuando se ha reservado menos memoria de la esperada.
Publication Date	Oct. 17, 2006, 8:07 a.m.
Registration Date	Jan. 29, 2021, 3:43 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:clam_anti-virus:clamav::::::::		0.88.4
cpe:2.3:a:clam_anti-virus:clamav:.:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.15:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.20:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.21:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.22:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.23:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.24:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.51:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.52:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.53:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.54:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60p:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.65:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.67:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.70:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.71:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.72:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.73:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.74:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.82:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.83:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.3:::::::*

Related information, measures and tools

No	URL	refsource
1	http://docs.info.apple.com/article.html?artnum=304829	cve@mitre.org
2	http://kolab.org/security/kolab-vendor-notice-13.txt	cve@mitre.org
3	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422	cve@mitre.org
4	http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	cve@mitre.org
5	http://secunia.com/advisories/22370	cve@mitre.org
6	http://secunia.com/advisories/22421	cve@mitre.org
7	http://secunia.com/advisories/22488	cve@mitre.org
8	http://secunia.com/advisories/22498	cve@mitre.org
9	http://secunia.com/advisories/22537	cve@mitre.org
10	http://secunia.com/advisories/22551	cve@mitre.org
11	http://secunia.com/advisories/22626	cve@mitre.org
12	http://secunia.com/advisories/23155	cve@mitre.org
13	http://security.gentoo.org/glsa/glsa-200610-10.xml	cve@mitre.org
14	http://securitytracker.com/id?1017068	cve@mitre.org
15	http://www.debian.org/security/2006/dsa-1196	cve@mitre.org
16	http://www.kb.cert.org/vuls/id/180864	cve@mitre.org
17	http://www.mandriva.com/security/advisories?name=MDKSA-2006:184	cve@mitre.org
18	http://www.novell.com/linux/security/advisories/2006_60_clamav.html	cve@mitre.org
19	http://www.securityfocus.com/bid/20535	cve@mitre.org
20	http://www.us-cert.gov/cas/techalerts/TA06-333A.html	cve@mitre.org
21	http://www.vupen.com/english/advisories/2006/4034	cve@mitre.org
22	http://www.vupen.com/english/advisories/2006/4136	cve@mitre.org
23	http://www.vupen.com/english/advisories/2006/4264	cve@mitre.org
24	http://www.vupen.com/english/advisories/2006/4750	cve@mitre.org
25	https://exchange.xforce.ibmcloud.com/vulnerabilities/29607	cve@mitre.org
26	http://docs.info.apple.com/article.html?artnum=304829	af854a3a-2127-422b-91ae-364da2661108
27	http://kolab.org/security/kolab-vendor-notice-13.txt	af854a3a-2127-422b-91ae-364da2661108
28	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422	af854a3a-2127-422b-91ae-364da2661108
29	http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
30	http://secunia.com/advisories/22370	af854a3a-2127-422b-91ae-364da2661108
31	http://secunia.com/advisories/22421	af854a3a-2127-422b-91ae-364da2661108
32	http://secunia.com/advisories/22488	af854a3a-2127-422b-91ae-364da2661108
33	http://secunia.com/advisories/22498	af854a3a-2127-422b-91ae-364da2661108
34	http://secunia.com/advisories/22537	af854a3a-2127-422b-91ae-364da2661108
35	http://secunia.com/advisories/22551	af854a3a-2127-422b-91ae-364da2661108
36	http://secunia.com/advisories/22626	af854a3a-2127-422b-91ae-364da2661108
37	http://secunia.com/advisories/23155	af854a3a-2127-422b-91ae-364da2661108
38	http://security.gentoo.org/glsa/glsa-200610-10.xml	af854a3a-2127-422b-91ae-364da2661108
39	http://securitytracker.com/id?1017068	af854a3a-2127-422b-91ae-364da2661108
40	http://www.debian.org/security/2006/dsa-1196	af854a3a-2127-422b-91ae-364da2661108
41	http://www.kb.cert.org/vuls/id/180864	af854a3a-2127-422b-91ae-364da2661108
42	http://www.mandriva.com/security/advisories?name=MDKSA-2006:184	af854a3a-2127-422b-91ae-364da2661108
43	http://www.novell.com/linux/security/advisories/2006_60_clamav.html	af854a3a-2127-422b-91ae-364da2661108
44	http://www.securityfocus.com/bid/20535	af854a3a-2127-422b-91ae-364da2661108
45	http://www.us-cert.gov/cas/techalerts/TA06-333A.html	af854a3a-2127-422b-91ae-364da2661108
46	http://www.vupen.com/english/advisories/2006/4034	af854a3a-2127-422b-91ae-364da2661108
47	http://www.vupen.com/english/advisories/2006/4136	af854a3a-2127-422b-91ae-364da2661108
48	http://www.vupen.com/english/advisories/2006/4264	af854a3a-2127-422b-91ae-364da2661108
49	http://www.vupen.com/english/advisories/2006/4750	af854a3a-2127-422b-91ae-364da2661108
50	https://exchange.xforce.ibmcloud.com/vulnerabilities/29607	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:clam_anti-virus:clamav::::::::		0.88.4
cpe:2.3:a:clam_anti-virus:clamav:.:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.15:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.20:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.21:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.22:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.23:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.24:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.51:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.52:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.53:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.54:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.60p:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.65:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.67:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.68.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.70:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.71:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.72:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.73:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.74:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.75.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.82:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.83:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.85.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86.2:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.87.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.1:::::::*
cpe:2.3:a:clam_anti-virus:clamav:0.88.3:::::::*