Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2004-2075

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 May, 2005 | 04:00
Updated At-08 Aug, 2024 | 01:15
Rejected At-
Credits

Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 May, 2005 | 04:00
Updated At:08 Aug, 2024 | 01:15
Rejected At:
▼CVE Numbering Authority (CNA)

Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1009042
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/10855
third-party-advisory
x_refsource_SECUNIA
http://www.osvdb.org/3925
vdb-entry
x_refsource_OSVDB
http://www.sophos.com/support/news/#mime-378
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/15191
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/9648
vdb-entry
x_refsource_BID
Hyperlink: http://securitytracker.com/id?1009042
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/10855
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.osvdb.org/3925
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.sophos.com/support/news/#mime-378
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15191
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/9648
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1009042
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/10855
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.osvdb.org/3925
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.sophos.com/support/news/#mime-378
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/15191
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/9648
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://securitytracker.com/id?1009042
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/10855
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.osvdb.org/3925
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.sophos.com/support/news/#mime-378
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15191
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/9648
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Dec, 2004 | 05:00
Updated At:03 Apr, 2025 | 01:03

Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Sophos Ltd.
sophos
>>sophos_anti-virus>>3.46
cpe:2.3:a:sophos:sophos_anti-virus:3.46:*:*:*:*:*:*:*
Sophos Ltd.
sophos
>>sophos_anti-virus>>3.78
cpe:2.3:a:sophos:sophos_anti-virus:3.78:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/10855cve@mitre.org
N/A
http://securitytracker.com/id?1009042cve@mitre.org
N/A
http://www.osvdb.org/3925cve@mitre.org
N/A
http://www.securityfocus.com/bid/9648cve@mitre.org
Patch
http://www.sophos.com/support/news/#mime-378cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/15191cve@mitre.org
N/A
http://secunia.com/advisories/10855af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1009042af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.osvdb.org/3925af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/9648af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.sophos.com/support/news/#mime-378af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/15191af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://secunia.com/advisories/10855
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1009042
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.osvdb.org/3925
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/9648
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.sophos.com/support/news/#mime-378
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15191
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/10855
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1009042
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.osvdb.org/3925
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/9648
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.sophos.com/support/news/#mime-378
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/15191
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2006-5646
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-41.09% / 97.29%
||
7 Day CHG~0.00%
Published-01 Nov, 2006 | 15:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-anti-virusendpoint_securityn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5645
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-14.75% / 94.23%
||
7 Day CHG~0.00%
Published-01 Nov, 2006 | 15:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-anti-virusendpoint_securityn/a
CWE ID-CWE-399
Not Available
CVE-2006-4839
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.92% / 82.58%
||
7 Day CHG~0.00%
Published-01 Nov, 2006 | 15:00
Updated-07 Aug, 2024 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-sophos_anti-virusn/a
CVE-2005-1530
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.98% / 90.31%
||
7 Day CHG~0.00%
Published-19 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-sophos_anti-virussophos_small_business_suitesophos_puremessage_anti-virussophos_mailmonitorsophos_mailmonitor_for_notes_dominon/a
CVE-2008-7104
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-27 Aug, 2009 | 20:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (message queue delay and incomplete spam rule update) via a crafted (1) RTF or (2) PDF file.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-puremessage_for_microsoft_exchangen/a
CVE-2008-7106
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.98% / 75.86%
||
7 Day CHG~0.00%
Published-27 Aug, 2009 | 20:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation of Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2, when both anti-virus and anti-spam are supported, does not create or launch the associated scan engines when the system is under heavy load, which has unspecified impact, probably remote bypass of scanner protection or a denial of service (message loss or delay).

Action-Not Available
Vendor-n/aSophos Ltd.
Product-puremessage_for_microsoft_exchangen/a
CVE-2008-7105
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-27 Aug, 2009 | 20:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows remote attackers to cause a denial of service (EdgeTransport.exe termination) via a TNEF-encoded message with a crafted rich text body that is not properly handled during conversion to plain text. NOTE: this might be related to CVE-2008-7104.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-puremessage_for_microsoft_exchangen/a
CVE-2008-3177
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.05% / 90.37%
||
7 Day CHG~0.00%
Published-15 Jul, 2008 | 18:03
Updated-07 Aug, 2024 | 09:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sophos virus detection engine 2.75 on Linux and Unix, as used in Sophos Email Appliance, Pure Message for Unix, and Sophos Anti-Virus Interface (SAVI), allows remote attackers to cause a denial of service (engine crash) via zero-length MIME attachments.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-es1000sophos_anti-virussophos_puremessage_anti-viruses4000email_appliancen/a
CWE ID-CWE-16
Not Available
Details not found