Candidate: CVE-2009-1372
PublicDate: 2009-04-23 15:30:00 UTC
References:
 https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/360502
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1372
Description:
 Stack-based buffer overflow in the cli_url_canon function in
 libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to
 cause a denial of service (application crash) and possibly execute
 arbitrary code via a crafted URL.
Ubuntu-Description:
Notes:
 jdstrand> only 0.95 is affected (affected code not present-- part of
  url_hash_match() was moved out to the new cli_url_canon() in 0.95, and
  cli_url_canon() introduced the bug)
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_clamav:
upstream_clamav: released (0.95.1)
dapper_clamav: not-affected
hardy_clamav: not-affected
intrepid_clamav: not-affected (0.94.dfsg.2-1ubuntu0.2)
devel_clamav: not-affected (0.95.1+dfsg-0ubuntu1)