CVE-2006-1989
clamav - buffer overflow
EPSS 4.5%
Description
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
How to fix CVE-2006-1989
To remediate CVE-2006-1989, upgrade the affected package to one of the fixed versions listed below.
- Debian/clamav: upgrade to 0.88.2 or later
- Debian/clamav: upgrade to 0.84-2.sarge.9 or later
Is CVE-2006-1989 being exploited?
Low — EPSS is 4.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.88.2
- from 0, < 0.84-2.sarge.9