Search for vulnerabilities
Vulnerability details: VCID-3gy5-sjc8-aaak
Vulnerability ID VCID-3gy5-sjc8-aaak
Aliases CVE-2009-1270
Summary libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01525 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.01618 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.04495 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.08068 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.08068 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.08068 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.08068 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
epss 0.11582 https://api.first.org/data/v1/epss?cve=CVE-2009-1270
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=495036
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2009-1270
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://osvdb.org/53461
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1270.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270
http://secunia.com/advisories/34716
http://secunia.com/advisories/36701
https://exchange.xforce.ibmcloud.com/vulnerabilities/49846
http://support.apple.com/kb/HT3865
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
http://www.debian.org/security/2009/dsa-1771
http://www.mandriva.com/security/advisories?name=MDVSA-2009:097
http://www.openwall.com/lists/oss-security/2009/04/07/6
http://www.securityfocus.com/bid/34357
http://www.ubuntu.com/usn/usn-754-1
http://www.vupen.com/english/advisories/2009/0934
495036 https://bugzilla.redhat.com/show_bug.cgi?id=495036
523016 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523016
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
CVE-2009-1270 https://nvd.nist.gov/vuln/detail/CVE-2009-1270
GLSA-200909-04 https://security.gentoo.org/glsa/200909-04
USN-754-1 https://usn.ubuntu.com/754-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1270
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.79558
EPSS Score 0.01525
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.