CVE-2008-1836

Name: CVE-2008-1836
Creator: NVD / NIST
Published: 2008-04-16T16:05:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.55%

Last modified Jun 16, 2026

CVE-2008-1836 is a vulnerability of currently unknown severity. The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.. EPSS estimates a 3.55% chance of exploitation in the next 30 days.

Description

The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.

Metrics

EPSS Probability

3.55%

87.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Clam Anti-Virus	Clamav	0.90
Clam Anti-Virus	Clamav	0.90.1
Clam Anti-Virus	Clamav	0.90_rc1.1
Clam Anti-Virus	Clamav	0.90_rc2
Clam Anti-Virus	Clamav	0.90_rc3
Clam Anti-Virus	Clamav	0.90rc1
Clam Anti-Virus	Clamav	0.91
Clam Anti-Virus	Clamav	0.92

References

Timeline

Published: Apr 16, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-1836?

How severe is CVE-2008-1836?

Severity scoring for CVE-2008-1836 is pending analysis. The EPSS model estimates a 3.55% probability of exploitation in the next 30 days.

How do I fix CVE-2008-1836?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-1836?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST