[clamav-users] Details on CVE-2010-4260 and CVE-2010-4479?

Garrett Van Dyk garrett at vandykweb.com
Wed Jul 11 10:28:32 EDT 2018


I agree, they are quite old, I'm mostly curious for posterity's sake. It seems strange that two separate CVEs with very little detail. The fix commit is public, looks to be an out of bounds read, just wanted to know if these two CVEs should be considered as related to the same underlying vulnerability, and if not, what the distinguishing factors were.

On 7/7/18, 12:02 PM, "Matus UHLAR - fantomas" <uhlar at fantomas.sk> wrote:

    On 06.07.18 15:48, Garrett Van Dyk wrote:
    >I'm trying to get specific details on these two CVEs: CVE-2010-4260 (
    >https://bugzilla.clamav.net/show_bug.cgi?id=2358 and
    >https://bugzilla.clamav.net/show_bug.cgi?id=2396) and CVE-2010-4479 (
    >https://bugzilla.clamav.net/show_bug.cgi?id=2380). I don't have permissions
    >to view these bugs in Bugzilla.  The issues appear to have been fixed in
    >the same commit (
    >https://github.com/Cisco-Talos/clamav-devel/commit/019f1955194360600ecf0644959ceca6734c2d7b)
    >but this doesn't provide detail on which bug applies to which fix, or the
    >nature of the bugs themselves.  Any help on differentiating these
    >vulnerabilities would be appreciated.
    
    those bugs are apparently security vulnerablities in clamav, and as such
    they are kept private.
    
    why are you trying to get detailt on them?
    
    Yes, they might to be revealed, finally they are some 8 years old...
    -- 
    Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Due to unexpected conditions Windows 2000 will be released
    in first quarter of year 1901
    
    




More information about the clamav-users mailing list