CVE-2013-4602

A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 7.1 HIGH

5.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1028666	Third Party Advisory VDB Entry
https://packetstormsecurity.com/files/122024/Avira-AntiVir-Engine-Denial-Of-Service-Filter-Evasion.html	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/60552	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/85099	Third Party Advisory VDB Entry
https://vuldb.com/?id.9151	Permissions Required Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:avira:antivir_mailgate::::::::
	cpe:2.3:a:avira:antivir_mailgate_suite::::::::
	cpe:2.3:a:avira:antivir_personal::::::::
	cpe:2.3:a:avira:antivir_sharepoint::::::::
	cpe:2.3:a:avira:antivir_webgate::::::::
	cpe:2.3:a:avira:antivir_webgate_suite::::::::
	cpe:2.3:a:avira:antivirus_server::::::::
	cpe:2.3:a:avira:exchange_security::::::::
	cpe:2.3:a:avira:professional_security::::::::
	cpe:2.3:a:avira:savapi::::::::

Information

Published : 2020-02-12 14:15

Updated : 2020-02-18 11:10

NVD link : CVE-2013-4602

Mitre link : CVE-2013-4602

JSON object : View

CWE

CWE-400

Uncontrolled Resource Consumption

Advertisement

Products Affected

avira

antivir_mailgate
antivir_sharepoint
antivir_mailgate_suite
antivir_personal
savapi
professional_security
antivir_webgate_suite
antivir_webgate
antivirus_server
exchange_security

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id/1028666", "name": "http://www.securitytracker.com/id/1028666", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://packetstormsecurity.com/files/122024/Avira-AntiVir-Engine-Denial-Of-Service-Filter-Evasion.html", "name": "https://packetstormsecurity.com/files/122024/Avira-AntiVir-Engine-Denial-Of-Service-Filter-Evasion.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/60552", "name": "http://www.securityfocus.com/bid/60552", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85099", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85099", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.9151", "name": "https://vuldb.com/?id.9151", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A Denial of Service (infinite loop) vulnerability exists in Avira AntiVir Engine before 8.2.12.58 via an unspecified function in the PDF Scanner Engine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-400"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-4602", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "acInsufInfo": false, "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}}, "publishedDate": "2020-02-12T22:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:avira:antivir_mailgate:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:antivir_mailgate_suite:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:antivir_personal:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:antivir_sharepoint:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:antivir_webgate:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:antivir_webgate_suite:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:antivirus_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:exchange_security:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:professional_security:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}, {"cpe23Uri": "cpe:2.3:a:avira:savapi:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "8.2.12.58"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-02-18T19:10Z"}