CVE-2007-4577
UnknownEPSS 5.53%
Last modified
CVE-2007-4577 is a vulnerability of currently unknown severity. Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").. EPSS estimates a 5.53% chance of exploitation in the next 30 days.
Description
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sophos | Anti-Virus | 3.4.6 |
| Sophos | Anti-Virus | 3.78 |
| Sophos | Anti-Virus | 3.78d |
| Sophos | Anti-Virus | 3.79 |
| Sophos | Anti-Virus | 3.80 |
| Sophos | Anti-Virus | 3.81 |
| Sophos | Anti-Virus | 3.82 |
| Sophos | Anti-Virus | 3.83 |
| Sophos | Anti-Virus | 3.84 |
| Sophos | Anti-Virus | 3.85 |
| Sophos | Anti-Virus | 3.86 |
| Sophos | Anti-Virus | 3.90 |
| Sophos | Anti-Virus | 3.91 |
| Sophos | Anti-Virus | 3.95 |
| Sophos | Anti-Virus | 3.96.0 |
| Sophos | Anti-Virus | 4.03 |
| Sophos | Anti-Virus | 4.04 |
| Sophos | Anti-Virus | 4.05 |
| Sophos | Anti-Virus | 4.5.3 |
| Sophos | Anti-Virus | 4.5.4 |
| Sophos | Anti-Virus | 4.5.11 |
| Sophos | Anti-Virus | 4.5.12 |
| Sophos | Anti-Virus | 4.7.1 |
| Sophos | Anti-Virus | 4.7.2 |
| Sophos | Anti-Virus | 5.0.1 |
| Sophos | Anti-Virus | 5.0.2 |
| Sophos | Anti-Virus | 5.0.4 |
| Sophos | Anti-Virus | 5.0.9 |
| Sophos | Anti-Virus | 5.1 |
| Sophos | Anti-Virus | 5.2 |
| Sophos | Anti-Virus | 5.2.1 |
| Sophos | Anti-Virus | 6.5 |
| Sophos | Scanning Engine | 2.30.4 |
| Sophos | Scanning Engine | 2.40.2 |
| Sophos | Small Business Suite | 4.04 |
| Sophos | Small Business Suite | 4.05 |
References
- http://secunia.com/advisories/26580Patch, Vendor Advisory
- http://secunia.com/advisories/26580Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-4577?
Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed BZip file that results in the creation of multiple Engine temporary files (aka a "BZip bomb").
How severe is CVE-2007-4577?
Severity scoring for CVE-2007-4577 is pending analysis. The EPSS model estimates a 5.53% probability of exploitation in the next 30 days.
How do I fix CVE-2007-4577?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2007-4577?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST