An off-by-one error was found in the way the hash manager of Clam AntiVirus, a GPL anti-virus toolkit for UNIX, performed scans of messages with certain hashes. A remote attacker could provide a message with a specially-crafted hash signature in it, leading to denial of service (clamscan executable crash).

Upstream bug report:
[1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818

Relevant patch:
[2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5

Other references:
[3] https://bugzilla.novell.com/show_bug.cgi?id=708263
[4] http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.2
[5] http://www.clamav.net/lang/en/
This issue affects the versions of the clamav package, as shipped with Fedora releases 14 and 15. Please schedule an update.

--

This issue affects the versions of the clamav package, as present within EPEL-4, EPEL-5, and EPEL-6 repositories. Please schedule an update.
Created clamav tracking bugs for this issue

Affects: epel-all [bug 725695]
Affects: fedora-all [bug 725696]
CVE Request: [6] http://www.openwall.com/lists/oss-security/2011/07/26/3
This was assigned CVE-2011-2721: http://www.openwall.com/lists/oss-security/2011/07/26/13