[Clamav-devel] Possible bypass via gz?
bperry.volatile at gmail.com
Sat Feb 22 16:46:04 EST 2014
Is this going to need a CVE? I can forward the info onto oss-sec list
and get a CVE assigned.
On 02/17/2014 08:12 AM, Matt Olney wrote:
> Thanks, Bradon. We'll review this.
> On Sun, Feb 16, 2014 at 7:29 PM, Brandon Perry <bperry.volatile at gmail.com>wrote:
>> Not sure if this person is using an old version of ClamAV and I haven't
>> attempted this, but he alleges he has found a way to bypass gzip'ed
>> tarballs by modifying a specific byte within the headers.
>> Hope this is the correct place to report this.
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
More information about the clamav-devel