PublicDateAtUSN: 2011-07-27
Candidate: CVE-2011-2721
PublicDate: 2011-08-05 21:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2721
 https://ubuntu.com/security/notices/USN-1179-1
Description:
 Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav
 in ClamAV before 0.97.2 allows remote attackers to cause a denial of
 service (daemon crash) via an e-mail message that is not properly handled
 during certain hash calculations.
Ubuntu-Description: 
Notes: 
 mdeslaur> maverick and older don't have affected code
Bugs: 
 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2818
 https://bugzilla.redhat.com/show_bug.cgi?id=725694
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635599
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_clamav:
 upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=656dfd0b86817c05cc67964823fb4da8790f243d (backporting)
 upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=4842733eb3f09be61caeed83778bb6679141dbc5
upstream_clamav: released (0.97.2)
hardy_clamav: not-affected (code not present)
lucid_clamav: not-affected (code not present)
maverick_clamav: not-affected (code not present)
natty_clamav: released (0.97+dfsg-2ubuntu1.1)
devel_clamav: released (0.97.1+dfsg-1ubuntu3)