ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.
References
Link | Resource |
---|---|
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html | Release Notes Vendor Advisory |
https://bugzilla.clamav.net/show_bug.cgi?id=11946 | Exploit Issue Tracking Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html | Mailing List Third Party Advisory |
https://usn.ubuntu.com/3550-1/ | |
https://usn.ubuntu.com/3550-2/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2018-01-26T20:00:00
Updated: 2018-03-15T09:57:02
Reserved: 2017-08-03T00:00:00
Link: CVE-2017-12378
JSON object: View
NVD Information
Status : Modified
Published: 2018-01-26T20:29:00.550
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-12378
JSON object: View
Redhat Information
No data.
CWE