Vulnerabilities > CVE-2006-5645 - Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sophos

CWE-399

NVD

Published: 2006-11-01

Updated: 2018-10-17

Summary

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.

Vulnerable Configurations

Part	Description	Count
Application	Sophos Sophos Anti Virus 4.04 Sophos Anti Virus 4.05 Sophos Anti Virus 4.5.3 Sophos Anti Virus 4.5.4 Sophos Anti Virus 4.5.11 Sophos Anti Virus 4.5.12 Sophos Anti Virus 4.7.1 Sophos Anti Virus 4.7.2 Sophos Anti Virus 5.0.1 Sophos Anti Virus 5.0.2 Sophos Anti Virus 5.0.4 Sophos Anti Virus 5.1 Sophos Anti Virus 5.2 Sophos Anti Virus 5.2.1 Sophos Anti Virus 6.0.4 Sophos Endpoint Security *	16

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References