What is the severity of CVE-2007-0897?

CVE-2007-0897 has a medium severity rating as it can lead to a denial of service due to file descriptor consumption.

How do I fix CVE-2007-0897?

To fix CVE-2007-0897, you should upgrade ClamAV to version 0.90 or later.

What software versions are affected by CVE-2007-0897?

CVE-2007-0897 affects ClamAV versions prior to 0.90, including various versions like 0.84 and earlier.

What type of attack does CVE-2007-0897 enable?

CVE-2007-0897 allows remote attackers to conduct denial of service attacks through specially crafted CAB archives.

Is there a workaround for CVE-2007-0897 if I can't update?

A temporary workaround for CVE-2007-0897 is to monitor and limit the file types being scanned by ClamAV.

Vulnerability/
CVE-2007-0897

high

7.5

CWE

NVD-CWE-Other 772

16/2/2007

7/8/2024

CVE-2007-0897

First published: Fri Feb 16 2007(Updated: )

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
ClamXAV	<=0.22
ClamXAV	<=0.80_rc2
ClamXAV	<=0.87
ClamXAV	<=0.84_rc2
ClamXAV	<=0.60
ClamXAV	<=0.20
ClamXAV	<=0.87.1
ClamXAV	<=0.52
ClamXAV	<=0.67
ClamXAV	<=0.80
ClamXAV	<=0.74
ClamXAV	<=0.73
ClamXAV	<=0.68.1
ClamXAV	<=0.23
ClamXAV	<=0.88.1
ClamXAV	<=0.21
ClamXAV	<=0.85
ClamXAV	<=0.88.4
ClamXAV	<=0.80_rc4
ClamXAV	<=0.88
ClamXAV	<=0.75
ClamXAV	<=0.65
ClamXAV	<=0.75.1
ClamXAV	<=0.80_rc1
ClamXAV	<=0.51
ClamXAV	<=0.83
ClamXAV	<=0.72
ClamXAV	<=0.53
ClamXAV	<=0.82
ClamXAV	<=0.71
ClamXAV	<=0.15
ClamXAV	<=0.54
ClamXAV	<=0.86.1
ClamXAV	<=0.68
ClamXAV	<=0.86_rc1
ClamXAV	<=0.81
ClamXAV	<=0.84_rc1
ClamXAV	<=0.84
ClamXAV	<=0.70
ClamXAV	<=0.86.2
ClamXAV	<=0.80_rc3
ClamXAV	<=0.60p
ClamXAV	<=0.88.3
ClamXAV	<=0.24
ClamXAV	<=0.88.6
ClamXAV	<=0.86
ClamXAV	<=0.85.1
ClamXAV	<=0.81_rc1
ClamAV	<0.90
Apple macOS Server	<10.4.11
Debian	=3.1
ClamAV	<=0.15
ClamAV	<=0.20
ClamAV	<=0.21
ClamAV	<=0.22
ClamAV	<=0.23
ClamAV	<=0.24
ClamAV	<=0.51
ClamAV	<=0.52
ClamAV	<=0.53
ClamAV	<=0.54
ClamAV	<=0.60
ClamAV	<=0.60p
ClamAV	<=0.65
ClamAV	<=0.67
ClamAV	<=0.68
ClamAV	<=0.68.1
ClamAV	<=0.70
ClamAV	<=0.71
ClamAV	<=0.72
ClamAV	<=0.73
ClamAV	<=0.74
ClamAV	<=0.75
ClamAV	<=0.75.1
ClamAV	<=0.80
ClamAV	<=0.80_rc1
ClamAV	<=0.80_rc2
ClamAV	<=0.80_rc3
ClamAV	<=0.80_rc4
ClamAV	<=0.81
ClamAV	<=0.81_rc1
ClamAV	<=0.82
ClamAV	<=0.83
ClamAV	<=0.84
ClamAV	<=0.84_rc1
ClamAV	<=0.84_rc2
ClamAV	<=0.85
ClamAV	<=0.85.1
ClamAV	<=0.86
ClamAV	<=0.86.1
ClamAV	<=0.86.2
ClamAV	<=0.86_rc1
ClamAV	<=0.87
ClamAV	<=0.87.1
ClamAV	<=0.88
ClamAV	<=0.88.1
ClamAV	<=0.88.3
ClamAV	<=0.88.4
ClamAV	<=0.88.6

Remedy

http://secunia.com/advisories/24187

Remedy

http://www.securityfocus.com/bid/22580

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-0897?
CVE-2007-0897 has a medium severity rating as it can lead to a denial of service due to file descriptor consumption.
How do I fix CVE-2007-0897?
To fix CVE-2007-0897, you should upgrade ClamAV to version 0.90 or later.
What software versions are affected by CVE-2007-0897?
CVE-2007-0897 affects ClamAV versions prior to 0.90, including various versions like 0.84 and earlier.
What type of attack does CVE-2007-0897 enable?
CVE-2007-0897 allows remote attackers to conduct denial of service attacks through specially crafted CAB archives.
Is there a workaround for CVE-2007-0897 if I can't update?
A temporary workaround for CVE-2007-0897 is to monitor and limit the file types being scanned by ClamAV.

agent/references
agent/type
agent/remedy
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/author
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
collector/nvd-index
agent/softwarecombine
vendor/clam anti-virus
canonical/clamxav
version/clamxav/0.22
version/clamxav/0.80_rc2
version/clamxav/0.87
version/clamxav/0.84_rc2
version/clamxav/0.60
version/clamxav/0.20
version/clamxav/0.87.1
version/clamxav/0.52
version/clamxav/0.67
version/clamxav/0.80
version/clamxav/0.74
version/clamxav/0.73
version/clamxav/0.68.1
version/clamxav/0.23
version/clamxav/0.88.1
version/clamxav/0.21
version/clamxav/0.85
version/clamxav/0.88.4
version/clamxav/0.80_rc4
version/clamxav/0.88
version/clamxav/0.75
version/clamxav/0.65
version/clamxav/0.75.1
version/clamxav/0.80_rc1
version/clamxav/0.51
version/clamxav/0.83
version/clamxav/0.72
version/clamxav/0.53
version/clamxav/0.82
version/clamxav/0.71
version/clamxav/0.15
version/clamxav/0.54
version/clamxav/0.86.1
version/clamxav/0.68
version/clamxav/0.86_rc1
version/clamxav/0.81
version/clamxav/0.84_rc1
version/clamxav/0.84
version/clamxav/0.70
version/clamxav/0.86.2
version/clamxav/0.80_rc3
version/clamxav/0.60p
version/clamxav/0.88.3
version/clamxav/0.24
version/clamxav/0.88.6
version/clamxav/0.86
version/clamxav/0.85.1
version/clamxav/0.81_rc1
vendor/clamav
canonical/clamav
vendor/apple
canonical/apple macos server
vendor/debian
canonical/debian
version/debian/3.1
version/clamav/0.15
version/clamav/0.20
version/clamav/0.21
version/clamav/0.22
version/clamav/0.23
version/clamav/0.24
version/clamav/0.51
version/clamav/0.52
version/clamav/0.53
version/clamav/0.54
version/clamav/0.60
version/clamav/0.60p
version/clamav/0.65
version/clamav/0.67
version/clamav/0.68
version/clamav/0.68.1
version/clamav/0.70
version/clamav/0.71
version/clamav/0.72
version/clamav/0.73
version/clamav/0.74
version/clamav/0.75
version/clamav/0.75.1
version/clamav/0.80
version/clamav/0.80_rc1
version/clamav/0.80_rc2
version/clamav/0.80_rc3
version/clamav/0.80_rc4
version/clamav/0.81
version/clamav/0.81_rc1
version/clamav/0.82
version/clamav/0.83
version/clamav/0.84
version/clamav/0.84_rc1
version/clamav/0.84_rc2
version/clamav/0.85
version/clamav/0.85.1
version/clamav/0.86
version/clamav/0.86.1
version/clamav/0.86.2
version/clamav/0.86_rc1
version/clamav/0.87
version/clamav/0.87.1
version/clamav/0.88
version/clamav/0.88.1
version/clamav/0.88.3
version/clamav/0.88.4
version/clamav/0.88.6

CVE-2007-0897

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-0897?

How do I fix CVE-2007-0897?

What software versions are affected by CVE-2007-0897?

What type of attack does CVE-2007-0897 enable?

Is there a workaround for CVE-2007-0897 if I can't update?

Company

Resources

Contact