CVE-2009-1270 : libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a craft

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

Published 2009-04-08 16:30:00

Updated 2022-02-10 16:25:17

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Threat overview for CVE-2009-1270

Top countries where our scanners detected CVE-2009-1270

Top open port discovered on systems with this issue 5555

IPs affected by CVE-2009-1270 121

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2009-1270!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2009-1270

Probability of exploitation activity in the next 30 days: 10.83%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1270

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:N/I:N/A:C	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2009-1270

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1270

http://www.vupen.com/english/advisories/2009/0934

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/34357

Third Party Advisory;VDB Entry

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/49846

Third Party Advisory;VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2009:097

Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/usn-754-1

Third Party Advisory

CVEs referencing this url
http://support.apple.com/kb/HT3865

About Security Update 2009-005 - Apple Support
Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2009/04/07/6

Mailing List;Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462

Broken Link;Issue Tracking
http://www.debian.org/security/2009/dsa-1771

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2009-1270