Search criteria
207 vulnerabilities found for ClamAV by ClamAV
CERTFR-2025-AVI-0522
Vulnerability from certfr_avis - Published: 2025-06-19 - Updated: 2025-06-19
De multiples vulnérabilités ont été découvertes dans ClamAV. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions 1.0.x ant\u00e9rieures \u00e0 1.0.9",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20260"
},
{
"name": "CVE-2025-20234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20234"
}
],
"initial_release_date": "2025-06-19T00:00:00",
"last_revision_date": "2025-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0522",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ClamAV. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ClamAV",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV clamav-143-and-109-security-patch",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
]
}
CERTFR-2025-AVI-0068
Vulnerability from certfr_avis - Published: 2025-01-24 - Updated: 2025-01-24
Une vulnérabilité a été découverte dans ClamAV. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions 1.0.x ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20128"
}
],
"initial_release_date": "2025-01-24T00:00:00",
"last_revision_date": "2025-01-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0068",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans ClamAV. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans ClamAV",
"vendor_advisories": [
{
"published_at": "2025-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
}
]
}
CERTFR-2024-AVI-0744
Vulnerability from certfr_avis - Published: 2024-09-05 - Updated: 2024-09-05
De multiples vulnérabilités ont été découvertes dans ClamAV. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions ant\u00e9rieures \u00e0 0.103.12",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.3.x ant\u00e9rieures \u00e0 1.3.2",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.4.x ant\u00e9rieures \u00e0 1.4.1",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.0.x ant\u00e9rieures \u00e0 1.0.7",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20506"
},
{
"name": "CVE-2024-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20505"
}
],
"initial_release_date": "2024-09-05T00:00:00",
"last_revision_date": "2024-09-05T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0744",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ClamAV. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ClamAV",
"vendor_advisories": [
{
"published_at": "2024-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV clamav-141-132-107-and-010312",
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
]
}
CVE-2025-20260 (GCVE-0-2025-20260)
Vulnerability from nvd – Published: 2025-06-18 17:08 – Updated: 2025-11-03 18:08
VLAI?
Title
ClamAV PDF Scanning Buffer Overflow Vulnerability
Summary
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.
This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:55:07.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:44.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.2"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.3.1"
},
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.2.3"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r\n\r\nThis vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T17:08:36.207Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "clamav-143-and-109-security-patch",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "clamav-143-and-109-security-patch",
"defects": [
"CSCwo64672"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV PDF Scanning Buffer Overflow Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20260",
"datePublished": "2025-06-18T17:08:36.207Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2025-11-03T18:08:44.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20234 (GCVE-0-2025-20234)
Vulnerability from nvd – Published: 2025-06-18 16:20 – Updated: 2025-06-18 18:22
VLAI?
Title
ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.1 Affected: 1.21.0 Affected: 1.21.2 Affected: 1.22.4 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.4 Affected: 1.17.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:20:31.170035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:22:44.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the ."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T16:20:01.175Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-udf-hmwd9nDy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-udf-hmwd9nDy",
"defects": [
"CSCwo45640"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20234",
"datePublished": "2025-06-18T16:20:01.175Z",
"dateReserved": "2024-10-10T19:15:13.237Z",
"dateUpdated": "2025-06-18T18:22:44.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20128 (GCVE-0-2025-20128)
Vulnerability from nvd – Published: 2025-01-22 16:21 – Updated: 2025-11-03 18:08
VLAI?
Title
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
Summary
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 7.2.5 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.12.7 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:54:39.076758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:40:10.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:43.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:21:12.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-ole2-H549rphA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-ole2-H549rphA",
"defects": [
"CSCwm83037"
],
"discovery": "INTERNAL"
},
"title": "ClamAV OLE2 File Format Decryption Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20128",
"datePublished": "2025-01-22T16:21:12.329Z",
"dateReserved": "2024-10-10T19:15:13.212Z",
"dateUpdated": "2025-11-03T18:08:43.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20506 (GCVE-0-2024-20506)
Vulnerability from nvd – Published: 2024-09-04 21:28 – Updated: 2025-11-03 21:52
VLAI?
Title
ClamAV Privilege Handling Escalation Vulnerability
Summary
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
Severity ?
6.1 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:34:43.487532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:59:30.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:31.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:28:54.812Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk31741"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV Privilege Handling Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20506",
"datePublished": "2024-09-04T21:28:54.812Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:31.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20505 (GCVE-0-2024-20505)
Vulnerability from nvd – Published: 2024-09-04 21:23 – Updated: 2025-11-03 21:52
VLAI?
Title
ClamAV Memory Handling DoS
Summary
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
Severity ?
4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:35:13.258736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:00:08.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:30.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:23:55.715Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk44457"
],
"discovery": "INTERNAL"
},
"title": "ClamAV Memory Handling DoS"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20505",
"datePublished": "2024-09-04T21:23:55.715Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:30.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20380 (GCVE-0-2024-20380)
Vulnerability from nvd – Published: 2024-04-18 19:19 – Updated: 2024-08-01 21:59
VLAI?
Title
ClamAV HTML Parser Denial of Service Vulnerability
Summary
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity ?
7.5 (High)
CWE
- CWE-475 - Undefined Behavior for Input to API
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clam_antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clam_antivirus",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T03:18:49.587479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:59.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": " 1.3"
}
]
}
],
"datePublic": "2024-04-18T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThe vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475: Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T19:19:21.423Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV HTML Parser Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20380",
"datePublished": "2024-04-18T19:19:21.423Z",
"dateReserved": "2023-11-08T15:08:07.656Z",
"dateUpdated": "2024-08-01T21:59:41.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20328 (GCVE-0-2024-20328)
Vulnerability from nvd – Published: 2024-03-01 20:48 – Updated: 2025-11-04 18:22
VLAI?
Title
ClamAV VirusEvent File Processing Command Injection Vulnerability
Summary
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T15:40:24.549668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:45:50.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:37.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.\nClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T20:48:15.328Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV VirusEvent File Processing Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20328",
"datePublished": "2024-03-01T20:48:15.328Z",
"dateReserved": "2023-11-08T15:08:07.641Z",
"dateUpdated": "2025-11-04T18:22:37.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-20052 (GCVE-0-2023-20052)
Vulnerability from nvd – Published: 2023-02-16 15:26 – Updated: 2024-08-02 08:57
VLAI?
Summary
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
Severity ?
5.3 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
6.0.9
Affected: 6.0.7 Affected: 6.1.5 Affected: 6.1.7 Affected: 6.1.9 Affected: 6.2.1 Affected: 6.2.5 Affected: 6.2.19 Affected: 6.2.9 Affected: 6.3.5 Affected: 6.3.1 Affected: 6.3.7 Affected: 6.3.3 Affected: 7.0.5 Affected: 7.1.1 Affected: 7.1.5 Affected: 1.12.1 Affected: 1.12.2 Affected: 1.12.5 Affected: 1.12.0 Affected: 1.12.6 Affected: 1.12.3 Affected: 1.12.7 Affected: 1.12.4 Affected: 1.13.0 Affected: 1.13.1 Affected: 1.13.2 Affected: 1.11.0 Affected: 1.10.2 Affected: 1.10.1 Affected: 1.10.0 Affected: 1.14.0 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.8.1 Affected: 1.8.0 Affected: 1.8.4 Affected: 1.7.0 Affected: 7.2.13 Affected: 7.2.7 Affected: 7.2.3 Affected: 7.2.11 Affected: 7.2.5 Affected: 7.3.3 Affected: 7.3.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-clamav-xxe-TcSZduhN",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.3.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:38.974Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-xxe-TcSZduhN",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
}
],
"source": {
"advisory": "cisco-sa-clamav-xxe-TcSZduhN",
"defects": [
"CSCwd87111",
"CSCwd87112",
"CSCwd87113"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20052",
"datePublished": "2023-02-16T15:26:12.863Z",
"dateReserved": "2022-10-27T18:47:50.319Z",
"dateUpdated": "2024-08-02T08:57:35.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20260 (GCVE-0-2025-20260)
Vulnerability from cvelistv5 – Published: 2025-06-18 17:08 – Updated: 2025-11-03 18:08
VLAI?
Title
ClamAV PDF Scanning Buffer Overflow Vulnerability
Summary
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.
This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:55:07.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:44.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.2"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.3.1"
},
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.2.3"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r\n\r\nThis vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T17:08:36.207Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "clamav-143-and-109-security-patch",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "clamav-143-and-109-security-patch",
"defects": [
"CSCwo64672"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV PDF Scanning Buffer Overflow Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20260",
"datePublished": "2025-06-18T17:08:36.207Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2025-11-03T18:08:44.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20234 (GCVE-0-2025-20234)
Vulnerability from cvelistv5 – Published: 2025-06-18 16:20 – Updated: 2025-06-18 18:22
VLAI?
Title
ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.1 Affected: 1.21.0 Affected: 1.21.2 Affected: 1.22.4 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.4 Affected: 1.17.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:20:31.170035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:22:44.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the ."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T16:20:01.175Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-udf-hmwd9nDy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-udf-hmwd9nDy",
"defects": [
"CSCwo45640"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20234",
"datePublished": "2025-06-18T16:20:01.175Z",
"dateReserved": "2024-10-10T19:15:13.237Z",
"dateUpdated": "2025-06-18T18:22:44.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20128 (GCVE-0-2025-20128)
Vulnerability from cvelistv5 – Published: 2025-01-22 16:21 – Updated: 2025-11-03 18:08
VLAI?
Title
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
Summary
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 7.2.5 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.12.7 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:54:39.076758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:40:10.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:43.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:21:12.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-ole2-H549rphA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-ole2-H549rphA",
"defects": [
"CSCwm83037"
],
"discovery": "INTERNAL"
},
"title": "ClamAV OLE2 File Format Decryption Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20128",
"datePublished": "2025-01-22T16:21:12.329Z",
"dateReserved": "2024-10-10T19:15:13.212Z",
"dateUpdated": "2025-11-03T18:08:43.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20506 (GCVE-0-2024-20506)
Vulnerability from cvelistv5 – Published: 2024-09-04 21:28 – Updated: 2025-11-03 21:52
VLAI?
Title
ClamAV Privilege Handling Escalation Vulnerability
Summary
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
Severity ?
6.1 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:34:43.487532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:59:30.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:31.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:28:54.812Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk31741"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV Privilege Handling Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20506",
"datePublished": "2024-09-04T21:28:54.812Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:31.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20505 (GCVE-0-2024-20505)
Vulnerability from cvelistv5 – Published: 2024-09-04 21:23 – Updated: 2025-11-03 21:52
VLAI?
Title
ClamAV Memory Handling DoS
Summary
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
Severity ?
4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:35:13.258736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:00:08.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:30.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:23:55.715Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk44457"
],
"discovery": "INTERNAL"
},
"title": "ClamAV Memory Handling DoS"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20505",
"datePublished": "2024-09-04T21:23:55.715Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:30.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20380 (GCVE-0-2024-20380)
Vulnerability from cvelistv5 – Published: 2024-04-18 19:19 – Updated: 2024-08-01 21:59
VLAI?
Title
ClamAV HTML Parser Denial of Service Vulnerability
Summary
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity ?
7.5 (High)
CWE
- CWE-475 - Undefined Behavior for Input to API
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clam_antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clam_antivirus",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T03:18:49.587479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:59.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": " 1.3"
}
]
}
],
"datePublic": "2024-04-18T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThe vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475: Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T19:19:21.423Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV HTML Parser Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20380",
"datePublished": "2024-04-18T19:19:21.423Z",
"dateReserved": "2023-11-08T15:08:07.656Z",
"dateUpdated": "2024-08-01T21:59:41.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20328 (GCVE-0-2024-20328)
Vulnerability from cvelistv5 – Published: 2024-03-01 20:48 – Updated: 2025-11-04 18:22
VLAI?
Title
ClamAV VirusEvent File Processing Command Injection Vulnerability
Summary
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T15:40:24.549668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:45:50.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:37.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.\nClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T20:48:15.328Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV VirusEvent File Processing Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20328",
"datePublished": "2024-03-01T20:48:15.328Z",
"dateReserved": "2023-11-08T15:08:07.641Z",
"dateUpdated": "2025-11-04T18:22:37.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-202302-1452
Vulnerability from variot - Updated: 2025-04-19 20:54On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.
This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.
For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. Cisco Systems Cisco Secure Endpoint Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy. ========================================================================== Ubuntu Security Notice USN-5887-1 February 27, 2023
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. (CVE-2023-20032)
Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2023-20052)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.10: clamav 0.103.8+dfsg-0ubuntu0.22.10.1
Ubuntu 22.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.22.04.1
Ubuntu 20.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.20.04.1
Ubuntu 18.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.18.04.1
Ubuntu 16.04 ESM: clamav 0.103.8+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.8+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5887-1 CVE-2023-20032, CVE-2023-20052
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "web security appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "14.5.0"
},
{
"model": "web security appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.7"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "8.0.1.21160"
},
{
"model": "network security",
"scope": "lt",
"trust": 1.0,
"vendor": "stormshield",
"version": "4.6.4"
},
{
"model": "network security",
"scope": "lt",
"trust": 1.0,
"vendor": "stormshield",
"version": "3.7.35"
},
{
"model": "web security appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "14.5.1-013"
},
{
"model": "network security",
"scope": "gte",
"trust": 1.0,
"vendor": "stormshield",
"version": "3.8.0"
},
{
"model": "web security appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "12.5.6"
},
{
"model": "network security",
"scope": "gte",
"trust": 1.0,
"vendor": "stormshield",
"version": "4.4.0"
},
{
"model": "network security",
"scope": "lt",
"trust": 1.0,
"vendor": "stormshield",
"version": "3.11.23"
},
{
"model": "network security",
"scope": "gte",
"trust": 1.0,
"vendor": "stormshield",
"version": "4.3.0"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.105.1"
},
{
"model": "web security appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.0"
},
{
"model": "network security",
"scope": "gte",
"trust": 1.0,
"vendor": "stormshield",
"version": "3.0.0"
},
{
"model": "web security appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "14.0.4-005"
},
{
"model": "web security appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "15.0.0-254"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "1.0.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.20.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "8.1.5"
},
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.21.1"
},
{
"model": "network security",
"scope": "lt",
"trust": 1.0,
"vendor": "stormshield",
"version": "4.3.17"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.9"
},
{
"model": "secure endpoint private cloud",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6.0"
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "cisco secure endpoint private cloud",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "network security",
"scope": null,
"trust": 0.8,
"vendor": "stormshield",
"version": null
},
{
"model": "cisco web \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30a2\u30d7\u30e9\u30a4\u30a2\u30f3\u30b9 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "171129"
}
],
"trust": 0.1
},
"cve": "CVE-2023-20032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2023-20032",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2023-20032",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2023-20032",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2023-20032",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2023-20032",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1351",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1351"
},
{
"db": "NVD",
"id": "CVE-2023-20032"
},
{
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. \r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. \r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"]. Cisco Systems Cisco Secure Endpoint Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. \nThis advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy. ==========================================================================\nUbuntu Security Notice USN-5887-1\nFebruary 27, 2023\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 22.10\n- Ubuntu 22.04 LTS\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nSimon Scannell discovered that ClamAV incorrectly handled parsing\nHFS+ files. (CVE-2023-20032)\n\nSimon Scannell discovered that ClamAV incorrectly handled parsing\nDMG files. A remote attacker could possibly use this issue\nto expose sensitive information. (CVE-2023-20052)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 22.10:\n clamav 0.103.8+dfsg-0ubuntu0.22.10.1\n\nUbuntu 22.04 LTS:\n clamav 0.103.8+dfsg-0ubuntu0.22.04.1\n\nUbuntu 20.04 LTS:\n clamav 0.103.8+dfsg-0ubuntu0.20.04.1\n\nUbuntu 18.04 LTS:\n clamav 0.103.8+dfsg-0ubuntu0.18.04.1\n\nUbuntu 16.04 ESM:\n clamav 0.103.8+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.8+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5887-1\n CVE-2023-20032, CVE-2023-20052\n\nPackage Information:\nhttps://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1\nhttps://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1\nhttps://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1\nhttps://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2023-20032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "VULMON",
"id": "CVE-2023-20032"
},
{
"db": "PACKETSTORM",
"id": "171129"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2023-20032",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-25-105-08",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU92488108",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004930",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2023.0953",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.1077",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1351",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2023-20032",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "171129",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "PACKETSTORM",
"id": "171129"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1351"
},
{
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"id": "VAR-202302-1452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.45906568
},
"last_update_date": "2025-04-19T20:54:57.244000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-clamav-q8DThCy",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=228436"
},
{
"title": "Debian CVElist Bug Report Logs: clamav: 2 RCE bugs in ClamAV 0.103 (+ 1.0.0), CVE-2023-20032/CVE-2023-20052",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=72b1e54f904f4b9ca82d85ff39559617"
},
{
"title": "Cisco: ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-q8DThCy"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/marekbeckmann/Clamav-Installation-Script "
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2023/02/17/cisco_clamav_critical_flaw/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1351"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-q8dthcy"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.9,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu92488108/"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2023-20032/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.0953"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.1077"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://github.com/marekbeckmann/clamav-installation-script"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5887-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2023-20032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "PACKETSTORM",
"id": "171129"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1351"
},
{
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2023-20032"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"db": "PACKETSTORM",
"id": "171129"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1351"
},
{
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"date": "2023-02-27T14:51:49",
"db": "PACKETSTORM",
"id": "171129"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1351"
},
{
"date": "2023-03-01T08:15:11.907000",
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-04-17T08:09:00",
"db": "JVNDB",
"id": "JVNDB-2023-004930"
},
{
"date": "2023-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1351"
},
{
"date": "2024-01-25T17:15:25.840000",
"db": "NVD",
"id": "CVE-2023-20032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "171129"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1351"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems \u00a0Cisco\u00a0Secure\u00a0Endpoint\u00a0 Out-of-Bounds Write Vulnerability in Other Vendors\u0027 Products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-004930"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1351"
}
],
"trust": 0.6
}
}
VAR-201606-0327
Vulnerability from variot - Updated: 2025-04-13 23:14libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. Vendors have confirmed this vulnerability Bug ID CSCuv78533 It is released as.Denial of service operations through crafted documents by third parties (AMP Restart process ) There is a possibility of being put into a state. Multiple Cisco products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the AMP process to restart, resulting in a denial-of-service condition. This issue is being tracked by Cisco Bug IDs CSCuv78533, and CSCuw60503. This issue is fixed in: Cisco ClamAV 0.99 Cisco Email Security Appliance 9.7.0-125 Cisco Web Security Appliance 9.1.1-041, and 9.0.1-135. Clam AntiVirus (ClamAV) is a set of free and open-source antivirus software developed by the ClamAV team to detect Trojans, viruses, malware, and other malicious threats. A security vulnerability exists in libclamav in ClamAV in Cisco AMP for ESA and WSA due to the program not properly parsing input files. The following products and versions are affected: Cisco AMP for ESA before 9.7.0-125, Cisco AMP for WSA before 9.0.1-135, and Cisco AMP for WSA 9.1.x before 9.1.1-041. =========================================================================== Ubuntu Security Notice USN-3093-1 September 28, 2016
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
ClamAV could be made to crash or run programs if it processed a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled certain malformed files.
In the default installation, attackers would be isolated by the ClamAV AppArmor profile.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS: clamav 0.99.2+dfsg-0ubuntu0.16.04.1
Ubuntu 14.04 LTS: clamav 0.99.2+addedllvm-0ubuntu0.14.04.1
Ubuntu 12.04 LTS: clamav 0.99.2+addedllvm-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3093-1 CVE-2016-1371, CVE-2016-1372, CVE-2016-1405
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-0ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.12.04.1
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0327",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": null,
"trust": 1.4,
"vendor": "clamav",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "8.8.0-085"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.3,
"vendor": "cisco",
"version": "9.6.0-042"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "*"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.1.0-070"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.5.0-284"
},
{
"model": "web security the appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.x"
},
{
"model": "web security the appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1.1-041"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.8"
},
{
"model": "web security appliance 8.7.0-171-ld",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.3-051"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.2-004"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.1-021"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.0.000"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.0-497"
},
{
"model": "web security appliance hot patch",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.51"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1.0-235"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.8-113"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.7-151"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.7-142"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.6-115"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.6-078"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.6-073"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.6"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7.0-757"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7.0-725"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7.0-602"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7.0-550"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.7"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.1-201"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.0-838"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.4-101"
},
{
"model": "web security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3-013"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.5"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.4"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.2"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.0-051"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6.0-046"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.6"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5.0-201"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.5"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1-023"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.0-032"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.0-461"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.7-043"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.7-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.6-074"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.6-073"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.6-106"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0.1-023"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.8"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.3-019"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.5-106"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "3.3.1-09"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0.98.7"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0.98.5"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0.98.4"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0.98"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0.97.8"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0.98.6"
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.1-041"
},
{
"model": "web security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.0.1-135"
},
{
"model": "email security appliance",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "9.7.0-125"
},
{
"model": "clamav",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "0.99"
}
],
"sources": [
{
"db": "BID",
"id": "90968"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
},
{
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:clamav:clamav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:email_security_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:web_security_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "90968"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1405",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90224",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1405",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1405",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1405",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-717",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90224",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
},
{
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. Vendors have confirmed this vulnerability Bug ID CSCuv78533 It is released as.Denial of service operations through crafted documents by third parties (AMP Restart process ) There is a possibility of being put into a state. Multiple Cisco products are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause the AMP process to restart, resulting in a denial-of-service condition. \nThis issue is being tracked by Cisco Bug IDs CSCuv78533, and CSCuw60503. \nThis issue is fixed in:\nCisco ClamAV 0.99\nCisco Email Security Appliance 9.7.0-125\nCisco Web Security Appliance 9.1.1-041, and 9.0.1-135. Clam AntiVirus (ClamAV) is a set of free and open-source antivirus software developed by the ClamAV team to detect Trojans, viruses, malware, and other malicious threats. A security vulnerability exists in libclamav in ClamAV in Cisco AMP for ESA and WSA due to the program not properly parsing input files. The following products and versions are affected: Cisco AMP for ESA before 9.7.0-125, Cisco AMP for WSA before 9.0.1-135, and Cisco AMP for WSA 9.1.x before 9.1.1-041. \n===========================================================================\nUbuntu Security Notice USN-3093-1\nSeptember 28, 2016\n\nclamav vulnerabilities\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nClamAV could be made to crash or run programs if it processed a specially\ncrafted file. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nIt was discovered that ClamAV incorrectly handled certain malformed files. \n\nIn the default installation, attackers would be isolated by the ClamAV\nAppArmor profile. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 LTS:\n clamav 0.99.2+dfsg-0ubuntu0.16.04.1\n\nUbuntu 14.04 LTS:\n clamav 0.99.2+addedllvm-0ubuntu0.14.04.1\n\nUbuntu 12.04 LTS:\n clamav 0.99.2+addedllvm-0ubuntu0.12.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3093-1\n CVE-2016-1371, CVE-2016-1372, CVE-2016-1405\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-0ubuntu0.16.04.1\n https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.14.04.1\n https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.12.04.1\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1405"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "BID",
"id": "90968"
},
{
"db": "VULHUB",
"id": "VHN-90224"
},
{
"db": "PACKETSTORM",
"id": "138895"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1405",
"trust": 2.9
},
{
"db": "BID",
"id": "90968",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1035994",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035993",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1376",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90224",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138895",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90224"
},
{
"db": "BID",
"id": "90968"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "PACKETSTORM",
"id": "138895"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
},
{
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"id": "VAR-201606-0327",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90224"
}
],
"trust": 0.54899413
},
"last_update_date": "2025-04-13T23:14:12.888000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160531-wsa-esa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160531-wsa-esa"
},
{
"title": "ChangeLog",
"trust": 0.8,
"url": "https://github.com/vrtadmin/clamav-devel/blob/master/ChangeLog"
},
{
"title": "Cisco Advance Malware Protection for Email Security Appliance and Web Security Appliance Clam AntiVirus Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62025"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160531-wsa-esa"
},
{
"trust": 1.7,
"url": "https://github.com/vrtadmin/clamav-devel/blob/master/changelog"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3093-1"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/90968"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035993"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1405"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1405"
},
{
"trust": 0.6,
"url": "http://www.auscert.org.au/./render.html?it=35274"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1371"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.99.2+dfsg-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.99.2+addedllvm-0ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1405"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90224"
},
{
"db": "BID",
"id": "90968"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "PACKETSTORM",
"id": "138895"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
},
{
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90224"
},
{
"db": "BID",
"id": "90968"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"db": "PACKETSTORM",
"id": "138895"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
},
{
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-90224"
},
{
"date": "2016-05-31T00:00:00",
"db": "BID",
"id": "90968"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"date": "2016-09-29T04:25:18",
"db": "PACKETSTORM",
"id": "138895"
},
{
"date": "2016-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-717"
},
{
"date": "2016-06-08T14:59:12.827000",
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90224"
},
{
"date": "2016-10-03T09:01:00",
"db": "BID",
"id": "90968"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003096"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-717"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1405"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "138895"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco E Email Security Appliance and Web Security Used by appliance devices ClamAV Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003096"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-717"
}
],
"trust": 0.6
}
}
VAR-201203-0144
Vulnerability from variot - Updated: 2025-04-11 22:49The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR Parser If it is announced that there is also a problem with the implementation of CVE May be split.Corresponding to the length field of the full entry and part of the header of the next entry by a third party TAR Malware detection may be bypassed through archive entries. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bit2defender 7. ============================================================================ Ubuntu Security Notice USN-1482-2 June 20, 2012
clamav regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
ClamAV could improperly detect malware if it opened a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail to install in certain situations. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)
It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote attacker could create a specially-crafted CHM file containing malware that could escape being detected. (CVE-2012-1458)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2
Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2
Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.2 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1482-2 http://www.ubuntu.com/usn/usn-1482-1 https://launchpad.net/bugs/1015337
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2012:094 http://www.mandriva.com/security/
Package : clamav Date : June 18, 2012 Affected: Enterprise Server 5.0
Problem Description:
This is a bugfix release that upgrades clamav to the latest version (0.97.5) that resolves the following security issues:
The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5
Updated Packages:
Mandriva Enterprise Server 5: d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf OUr1QL5Wsvt3KboLKCdYUhE= =1QL7 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virusbuster",
"scope": "eq",
"trust": 2.4,
"vendor": "virusbuster",
"version": "13.6.151.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 2.1,
"vendor": "comodo",
"version": "7424"
},
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.8,
"vendor": "clamav",
"version": "0.96.4"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "vba32",
"scope": "eq",
"trust": 1.0,
"vendor": "anti virus",
"version": "3.12.14.2"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivir",
"scope": "eq",
"trust": 1.0,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "5.0.677.0"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "4.8.1351.0"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "ahnlab",
"version": "2011.01.18.00"
},
{
"model": "g data antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "gdata",
"version": "21"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "4.8.1351.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "5.0.677.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "g data",
"version": "21"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.8,
"vendor": "virusblokada",
"version": "3.12.14.2"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 0.8,
"vendor": "unlab",
"version": "2011.01.18.00"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2.0 antimalware engine 1.1.6402.0"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.142"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "13.6.1510"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.4"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.6402"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "jiangmin",
"scope": "eq",
"trust": 0.3,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "data software gdata",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "21"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "anti-virus clamav",
"scope": "eq",
"trust": 0.3,
"vendor": "clam",
"version": "0.96.4"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "antivir engine",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "7.11.1163"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "avast5 antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.6770"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "4.8.1351.0"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
},
{
"model": "engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ahnlab",
"version": "v32011.01.18.00"
}
],
"sources": [
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:antiy:avl_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:authentium:command_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avast:avast_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avg:avg_anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avira:antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bitdefender:bitdefender",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:clamav:clamav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emsisoft:anti-malware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:eset:nod32_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:gdata-software:g_data_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:jiangmin:jiangmin_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:k7computing:antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pandasecurity:panda_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pc_tools:pc_tools_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:anti-virus:vba32",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:virusbuster:virusbuster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ahnlab:v3_internet_security",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f-secure:anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:kaspersky:kaspersky_anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:quick_heal:quick_heal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:symantec:endpoint_protection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sophos:anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:trend_micro_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:housecall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fortinet:fortinet_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:security_essentials",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:scan_engine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:web_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52623"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1459",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-1459",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54740",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1459",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1459",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-422",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54740",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR Parser If it is announced that there is also a problem with the implementation of CVE May be split.Corresponding to the length field of the full entry and part of the header of the next entry by a third party TAR Malware detection may be bypassed through archive entries. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bit2defender 7. ============================================================================\nUbuntu Security Notice USN-1482-2\nJune 20, 2012\n\nclamav regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted file. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-1482-1 fixed vulnerabilities in ClamAV. The updated packages could fail\nto install in certain situations. This update fixes the problem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled certain malformed TAR\n archives. (CVE-2012-1457,\n CVE-2012-1459)\n \n It was discovered that ClamAV incorrectly handled certain malformed CHM\n files. A remote attacker could create a specially-crafted CHM file\n containing malware that could escape being detected. (CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n clamav 0.97.5+dfsg-1ubuntu0.12.04.2\n clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.2\n libclamav6 0.97.5+dfsg-1ubuntu0.12.04.2\n\nUbuntu 11.10:\n clamav 0.97.5+dfsg-1ubuntu0.11.10.2\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.2\n libclamav6 0.97.5+dfsg-1ubuntu0.11.10.2\n\nUbuntu 11.04:\n clamav 0.97.5+dfsg-1ubuntu0.11.04.2\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.2\n libclamav6 0.97.5+dfsg-1ubuntu0.11.04.2\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1482-2\n http://www.ubuntu.com/usn/usn-1482-1\n https://launchpad.net/bugs/1015337\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2012:094\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : clamav\n Date : June 18, 2012\n Affected: Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n This is a bugfix release that upgrades clamav to the latest version\n (0.97.5) that resolves the following security issues:\n \n The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass\n malware detection via a TAR archive entry with a length field that\n exceeds the total TAR file size. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm\n 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm\n c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm\n d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm\n 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm\n 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf\nOUr1QL5Wsvt3KboLKCdYUhE=\n=1QL7\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1459"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-54740",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1459",
"trust": 3.2
},
{
"db": "BID",
"id": "52623",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80396",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80389",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80391",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80403",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80395",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80390",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80392",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80393",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80409",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80406",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80407",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19231",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "113878",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "115619",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "113895",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-54740",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113841",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"id": "VAR-201203-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:49:45.803000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVL SDK",
"trust": 0.8,
"url": "http://www.antiy.net/"
},
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/CSAVDownload.html"
},
{
"title": "avast! Antivirus",
"trust": 0.8,
"url": "https://www.avast.co.jp/index"
},
{
"title": "AVG Anti-Virus",
"trust": 0.8,
"url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
},
{
"title": "AntiVir",
"trust": 0.8,
"url": "http://www.avira.com/"
},
{
"title": "Rising Antivirus",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Bitdefender",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "ClamAV",
"trust": 0.8,
"url": "http://www.clamav.net/lang/en/"
},
{
"title": "Comodo Antivirus",
"trust": 0.8,
"url": "http://www.comodo.com/home/internet-security/antivirus.php"
},
{
"title": "Emsisoft Anti-Malware",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Fortinet Antivirus",
"trust": 0.8,
"url": "http://www.fortinet.com/solutions/antivirus.html"
},
{
"title": "F-Prot Antivirus",
"trust": 0.8,
"url": "http://www.f-prot.com/index.html"
},
{
"title": "G Data AntiVirus",
"trust": 0.8,
"url": "http://www.gdata.co.jp/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/en/"
},
{
"title": "Jiangmin Antivirus",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "K7 AntiVirus",
"trust": 0.8,
"url": "http://www.k7computing.com/en/consumer_home.php"
},
{
"title": "McAfee Web Gateway",
"trust": 0.8,
"url": "http://www.mcafee.com/us/products/web-gateway.aspx"
},
{
"title": "McAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "Norman Antivirus",
"trust": 0.8,
"url": "http://www.norman.com/products/antivirus_antispyware/en"
},
{
"title": "nProtect Anti-Virus",
"trust": 0.8,
"url": "http://global.nprotect.com/product/avs.php"
},
{
"title": "openSUSE-SU-2012:0833",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"title": "Panda Antivirus",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "PC Tools AntiVirus",
"trust": 0.8,
"url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
},
{
"title": "Quick Heal",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Sophos Anti-Virus",
"trust": 0.8,
"url": "http://www.sophos.com/ja-jp/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/home/index.html"
},
{
"title": "Trend Micro HouseCall",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/tools/housecall/index.html"
},
{
"title": "VBA32",
"trust": 0.8,
"url": "http://anti-virus.by/en/index.shtml"
},
{
"title": "VirusBuster",
"trust": 0.8,
"url": "http://www.virusbuster.hu/en"
},
{
"title": "V3 Internet Security",
"trust": 0.8,
"url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
},
{
"title": "Microsoft Security Essentials",
"trust": 0.8,
"url": "http://windows.microsoft.com/ja-JP/windows/products/security-essentials"
},
{
"title": "F-Secure Anti-Virus",
"trust": 0.8,
"url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52623"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80389"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80390"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80391"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80392"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80393"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80395"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80396"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80403"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80406"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80407"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80409"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74302"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1459"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19231"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1459"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1458"
},
{
"trust": 0.3,
"url": "http://www.antiy.net"
},
{
"trust": 0.3,
"url": "http://www.authentium.com"
},
{
"trust": 0.3,
"url": "http://www.avast.com"
},
{
"trust": 0.3,
"url": "http://www.avg.com"
},
{
"trust": 0.3,
"url": "http://www.avira.com/"
},
{
"trust": 0.3,
"url": "http://www.bitdefender.com"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://eset.com"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://www.gdatasoftware.com"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.jiangmin.com/"
},
{
"trust": 0.3,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pctools.com/spyware-doctor-antivirus/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://anti-virus.by/en/index.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.3,
"url": "http://www.ubuntu.com/usn/usn-1482-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1457"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.3"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1482-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1015405"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1015337"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.2"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1482-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54740"
},
{
"db": "BID",
"id": "52623"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
},
{
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54740"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52623"
},
{
"date": "2012-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"date": "2012-08-17T02:36:21",
"db": "PACKETSTORM",
"id": "115619"
},
{
"date": "2012-06-20T03:33:06",
"db": "PACKETSTORM",
"id": "113895"
},
{
"date": "2012-06-20T02:54:11",
"db": "PACKETSTORM",
"id": "113878"
},
{
"date": "2012-06-19T00:56:02",
"db": "PACKETSTORM",
"id": "113841"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-422"
},
{
"date": "2012-03-21T10:11:49.597000",
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-54740"
},
{
"date": "2015-04-13T22:00:00",
"db": "BID",
"id": "52623"
},
{
"date": "2012-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001869"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-422"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1459"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "115619"
},
{
"db": "PACKETSTORM",
"id": "113895"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001869"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-422"
}
],
"trust": 0.6
}
}
VAR-201203-0381
Vulnerability from variot - Updated: 2025-04-11 22:49The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party TAR Total file size exceeded length With field TAR Malware detection can be bypassed via archive entries. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in version 1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0. ============================================================================ Ubuntu Security Notice USN-1482-1 June 19, 2012
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
ClamAV could improperly detect malware if it opened a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled certain malformed TAR archives. (CVE-2012-1457, CVE-2012-1459)
It was discovered that ClamAV incorrectly handled certain malformed CHM files. (CVE-2012-1458)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 LTS: clamav 0.97.5+dfsg-1ubuntu0.12.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1
Ubuntu 11.10: clamav 0.97.5+dfsg-1ubuntu0.11.10.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1
Ubuntu 11.04: clamav 0.97.5+dfsg-1ubuntu0.11.04.1 clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1 libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1
Ubuntu 10.04 LTS: clamav 0.96.5+dfsg-1ubuntu1.10.04.4 clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4 libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1482-1 CVE-2012-1457, CVE-2012-1458, CVE-2012-1459
Package Information: https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1 https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1 https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4 .
The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459 http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5
Updated Packages:
Mandriva Enterprise Server 5: d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf OUr1QL5Wsvt3KboLKCdYUhE= =1QL7 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0381",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "virusbuster",
"scope": "eq",
"trust": 2.4,
"vendor": "virusbuster",
"version": "13.6.151.0"
},
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.8,
"vendor": "clamav",
"version": "0.96.4"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.0,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "vba32",
"scope": "eq",
"trust": 1.0,
"vendor": "anti virus",
"version": "3.12.14.2"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivir",
"scope": "eq",
"trust": 1.0,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "5.0.677.0"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "4.8.1351.0"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "g data antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "gdata",
"version": "21"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "4.8.1351.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "5.0.677.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "g data",
"version": "21"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.8,
"vendor": "virusblokada",
"version": "3.12.14.2"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.142"
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.10"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "11.04"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "10.04"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "13.6.1510"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.6402"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "kaspersky",
"version": "7.0125"
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "jiangmin",
"scope": "eq",
"trust": 0.3,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "data software gdata",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "21"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "antivir engine",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "7.11.1163"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "avast5 antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.6770"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "4.8.1351.0"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
}
],
"sources": [
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:antiy:avl_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:authentium:command_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avast:avast_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avg:avg_anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avira:antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bitdefender:bitdefender",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:clamav:clamav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emsisoft:anti-malware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:eset:nod32_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:gdata-software:g_data_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:jiangmin:jiangmin_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:k7computing:antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pc_tools:pc_tools_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:anti-virus:vba32",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:virusbuster:virusbuster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:aladdin:esafe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:kaspersky:kaspersky_anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:quick_heal:quick_heal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:symantec:endpoint_protection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:trend_micro_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:housecall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:security_essentials",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:scan_engine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:web_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52610"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1457",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-1457",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54738",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1457",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1457",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54738",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. Multiple products TAR A file parser contains a vulnerability that can prevent malware detection. Different TAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By a third party TAR Total file size exceeded length With field TAR Malware detection can be bypassed via archive entries. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Vulnerabilities exist in the TAR file parser in version 1004, Trend Micro HouseCall version 9.120.0.1004, VBA32 version 3.12.14.2, and VirusBuster version 13.6.151.0. ============================================================================\nUbuntu Security Notice USN-1482-1\nJune 19, 2012\n\nclamav vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 LTS\n- Ubuntu 11.10\n- Ubuntu 11.04\n- Ubuntu 10.04 LTS\n\nSummary:\n\nClamAV could improperly detect malware if it opened a specially crafted\nfile. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nIt was discovered that ClamAV incorrectly handled certain malformed TAR\narchives. (CVE-2012-1457,\nCVE-2012-1459)\n\nIt was discovered that ClamAV incorrectly handled certain malformed CHM\nfiles. (CVE-2012-1458)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 LTS:\n clamav 0.97.5+dfsg-1ubuntu0.12.04.1\n clamav-daemon 0.97.5+dfsg-1ubuntu0.12.04.1\n libclamav6 0.97.5+dfsg-1ubuntu0.12.04.1\n\nUbuntu 11.10:\n clamav 0.97.5+dfsg-1ubuntu0.11.10.1\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.10.1\n libclamav6 0.97.5+dfsg-1ubuntu0.11.10.1\n\nUbuntu 11.04:\n clamav 0.97.5+dfsg-1ubuntu0.11.04.1\n clamav-daemon 0.97.5+dfsg-1ubuntu0.11.04.1\n libclamav6 0.97.5+dfsg-1ubuntu0.11.04.1\n\nUbuntu 10.04 LTS:\n clamav 0.96.5+dfsg-1ubuntu1.10.04.4\n clamav-daemon 0.96.5+dfsg-1ubuntu1.10.04.4\n libclamav6 0.96.5+dfsg-1ubuntu1.10.04.4\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-1482-1\n CVE-2012-1457, CVE-2012-1458, CVE-2012-1459\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1\n https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1\n https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4\n. \n \n The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers\n to bypass malware detection via a crafted reset interval in the LZXC\n header of a CHM file. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1459\n http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.97.5\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Enterprise Server 5:\n d82d78601290e2f6073974170c81841a mes5/i586/clamav-0.97.5-0.1mdvmes5.2.i586.rpm\n 80f0475472c0217afd3727019bf27e53 mes5/i586/clamav-db-0.97.5-0.1mdvmes5.2.i586.rpm\n c13835eadea8d2af15b628fba3159e8b mes5/i586/clamav-milter-0.97.5-0.1mdvmes5.2.i586.rpm\n d7c058fae32f1a081b1d4ca31157df0e mes5/i586/clamd-0.97.5-0.1mdvmes5.2.i586.rpm\n 5ad153709c7eb510c2be2e82bfa5ac52 mes5/i586/libclamav6-0.97.5-0.1mdvmes5.2.i586.rpm\n 96e3d3f3e9bea802c4109c155c9d1465 mes5/i586/libclamav-devel-0.97.5-0.1mdvmes5.2.i586.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n b30f5aafd9aaff0a7743fb62f33ccbea mes5/x86_64/clamav-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 1508801239427c0ac72734f52cb4451c mes5/x86_64/clamav-db-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 92b4c5ca6db656801b5b6ae217c6e171 mes5/x86_64/clamav-milter-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 94fad12df2cc900309087bbda13c826a mes5/x86_64/clamd-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 8ec166a457d0512479adaaf5f80d487f mes5/x86_64/lib64clamav6-0.97.5-0.1mdvmes5.2.x86_64.rpm\n 19bc2758175bcde28ebf7783d68a9b98 mes5/x86_64/lib64clamav-devel-0.97.5-0.1mdvmes5.2.x86_64.rpm \n 203cde43731b63729d1f7f6497033184 mes5/SRPMS/clamav-0.97.5-0.1mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFP3tnKmqjQ0CJFipgRAj4wAJ9eURS1mZYCZhkmUTVE/U8QAH47MwCgxQzf\nOUr1QL5Wsvt3KboLKCdYUhE=\n=1QL7\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1457"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-54738",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1457",
"trust": 3.0
},
{
"db": "BID",
"id": "52610",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80392",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80406",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80391",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80407",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80396",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80395",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80403",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80409",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80389",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80393",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19229",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "113841",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-54738",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "113878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"id": "VAR-201203-0381",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:49:45.723000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.aladdin.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.antiy.net/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.authentium.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.avast.com/index"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avg.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avira.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.clamav.net/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.emsisoft.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.eset.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.f-prot.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.gdata-software.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ikarus.at/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.k7computing.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.mcafee.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.microsoft.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "openSUSE-SU-2012:0833",
"trust": 0.8,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.pctools.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.symantec.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.trendmicro.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://anti-virus.by/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.virusbuster.hu/en/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.kaspersky.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52610"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2012:094"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80389"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80391"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80392"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80393"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80395"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80396"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80403"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80406"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80407"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80409"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00002.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74293"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1457"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1457"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19229"
},
{
"trust": 0.3,
"url": "http://www.antiy.net"
},
{
"trust": 0.3,
"url": "http://www.authentium.com"
},
{
"trust": 0.3,
"url": "http://www.avast.com"
},
{
"trust": 0.3,
"url": "http://www.avg.com"
},
{
"trust": 0.3,
"url": "http://www.avira.com/"
},
{
"trust": 0.3,
"url": "http://www.bitdefender.com"
},
{
"trust": 0.3,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"trust": 0.3,
"url": "http://www.safenet-inc.com/data-protection/content-security-esafe/"
},
{
"trust": 0.3,
"url": "http://eset.com"
},
{
"trust": 0.3,
"url": "http://www.f-prot.com/"
},
{
"trust": 0.3,
"url": "http://www.gdatasoftware.com"
},
{
"trust": 0.3,
"url": "http://www.ikarus.at"
},
{
"trust": 0.3,
"url": "http://global.jiangmin.com/"
},
{
"trust": 0.3,
"url": "http://www.k7computing.com/en/product/k7-antivirusplus.php"
},
{
"trust": 0.3,
"url": "http://www.kaspersky.com/"
},
{
"trust": 0.3,
"url": "http://www.mcafee.com/"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com"
},
{
"trust": 0.3,
"url": "http://anti-virus-software-review.toptenreviews.com/norman-review.html"
},
{
"trust": 0.3,
"url": "http://www.pctools.com/spyware-doctor-antivirus/"
},
{
"trust": 0.3,
"url": "http://www.quickheal.com/"
},
{
"trust": 0.3,
"url": "http://www.rising-global.com/"
},
{
"trust": 0.3,
"url": "http://www.symantec.com"
},
{
"trust": 0.3,
"url": "http://www.trend.com"
},
{
"trust": 0.3,
"url": "http://anti-virus.by/en/index.shtml"
},
{
"trust": 0.3,
"url": "/archive/1/522005"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1457"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1459"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1458"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.96.5+dfsg-1ubuntu1.10.04.4"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-1482-1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.12.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.97.5+dfsg-1ubuntu0.11.04.1"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1459"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=changelog;hb=clamav-0.97.5"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1458"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54738"
},
{
"db": "BID",
"id": "52610"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
},
{
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54738"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52610"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"date": "2012-06-20T02:54:11",
"db": "PACKETSTORM",
"id": "113878"
},
{
"date": "2012-06-19T00:56:02",
"db": "PACKETSTORM",
"id": "113841"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-420"
},
{
"date": "2012-03-21T10:11:49.287000",
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-54738"
},
{
"date": "2015-05-07T17:17:00",
"db": "BID",
"id": "52610"
},
{
"date": "2012-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001902"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-420"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1457"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "113878"
},
{
"db": "PACKETSTORM",
"id": "113841"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products TAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001902"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-420"
}
],
"trust": 0.6
}
}
VAR-201203-0367
Vulnerability from variot - Updated: 2025-04-11 22:49The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. Multiple products RAR A file parser contains a vulnerability that can prevent malware detection. Different RAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By the attacker, MZ Has a character sequence starting with RAR Malware detection may be avoided via files. Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All affected products are command-line versions of the AVs.
Vulnerability Descriptions
- Specially crafted infected POSIX TAR files with "[aliases]" as first 9 bytes evades detection.
Affected products - ClamAV 0.96.4, CAT-QuickHeal 11.00
CVE no - CVE-2012-1419
- Specially crafted infected POSIX TAR files with "\7fELF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03
CVE no - CVE-2012-1420
- Specially crafted infected POSIX TAR files with "MSCF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, Symantec 20101.3.0.103
CVE no - CVE-2012-1421
- Specially crafted infected POSIX TAR files with "ITSF" as first 4 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1422
- Specially crafted infected POSIX TAR files with "MZ" as first 2 bytes evades detection.
Affected products - Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0
CVE no - CVE-2012-1423
- Specially crafted infected POSIX TAR files with "\19\04\00\10" at offset 8 evades detection.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, PCTools 7.0.3.5, Sophos 4.61.0
CVE no - CVE-2012-1424
- Specially crafted infected POSIX TAR files with "\50\4B\03\04" as the first 4 bytes evades detection.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no - CVE-2012-1425
- Specially crafted infected POSIX TAR files with "\42\5A\68" as the first 3 bytes evades detection.
Affected products - CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03
CVE no - CVE-2012-1426
- Specially crafted infected POSIX TAR files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1427
- Specially crafted infected POSIX TAR files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0
CVE no - CVE-2012-1428
- Specially crafted infected ELF files with "ustar" at offset 257 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01
CVE no - CVE-2012-1429 12. Specially crafted infected ELF files with "\19\04\00\10" at offset 8 evades detection.
Affected products - BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1430 13. Specially crafted infected ELF files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03
CVE no - CVE-2012-1431
- Specially crafted infected MS EXE files with "\57\69\6E\5A\69\70" at offset 29 evades detection.
Affected products - Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1432
- Specially crafted infected MS EXE files with "\4a\46\49\46" at offset 6 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1433
- Specially crafted infected MS EXE files with "\19\04\00\10" at offset 8 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1434
- Specially crafted infected MS EXE files with "\50\4B\4C\49\54\45" at offset 30 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1435
- Specially crafted infected MS EXE files with "\2D\6C\68" at offset 2 evades detection.
Affected products - AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7
CVE no - CVE-2012-1436
- Specially crafted infected MS Office files with "\50\4B\53\70\58" at offset 526 evades detection.
Affected products - Comodo 7425
CVE no - CVE-2012-1437
- Specially crafted infected MS Office files with "ustar" at offset 257 evades detection.
Affected products - Comodo 7425, Sophos 4.61.0
CVE no - CVE-2012-1438
- 'padding' field in ELF files is parsed incorrectly. If an infected ELF file's padding field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1439
- 'identsize' field in ELF files is parsed incorrectly. If an infected ELF file's identsize field is incremented by 1 it evades detection.
Affected products - Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1440
- 'e_ip' and 'e_res' field in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1 it evades detection.
Affected products - Prevx 3.0
'e_minalloc', 'e_res2','e_cparhdr', 'e_crlc', 'e_lfarlc','e_maxalloc',
'e_oeminfo', 'e_ovno', 'e_cs', 'e_csum','e_sp', 'e_ss', 'e_cblp' and
'e_oemid' fields in MS EXE files are parsed incorrectly.
If any of these fields in an infected MS EXE file is incremented by 1
it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0
CVE no - CVE-2012-1441
- 'class' field in ELF files is parsed incorrectly.
If an infected ELF file's class field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1442
- Infected RAR files with initial two bytes set to 'MZ' can be fixed by the user and correctly extracted. Such a file evades detection.
Affected products - ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0 nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, Avast5 5.0.677.0, VBA32 3.12.14.2
CVE no - CVE-2012-1443
- 'abiversion' field in ELF files is parsed incorrectly.
If an infected ELF file's abiversion field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1444
- 'abi' field in ELF files is parsed incorrectly.
If an infected ELF file's abi field is incremented by 1 it evades detection.
Affected products - eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1445
- 'encoding' field in ELF files is parsed incorrectly.
If an infected ELF file's encoding field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1446
- 'e_version' field in ELF files is parsed incorrectly.
If an infected ELF file's e_version field is incremented by 1 it evades detection.
Affected products - Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7
CVE no - CVE-2012-1447
- 'cbCabinet' field in CAB files is parsed incorrectly.
If an infected CAB file's cbCabinet field is incremented by 1 it evades detection.
Affected products - CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0 TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1
CVE no - CVE-2012-1448
- 'vMajor' field in CAB files is parsed incorrectly.
If an infected CAB file's vMajor field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1449
- 'reserved3' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1450
- 'reserved2' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved2 field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0
CVE no - CVE-2012-1451
- 'reserved1' field in CAB files is parsed incorrectly.
If an infected CAB file's reserved field is incremented by 1 it evades detection.
Affected products - Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00
CVE no - CVE-2012-1452
- 'coffFiles' field in CAB files is parsed incorrectly.
If an infected CAB file's coffFiles field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C, Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402, Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1453
- 'ei_version' field in ELF files is parsed incorrectly.
If an infected ELF file's version field is incremented by 1 it evades detection.
Affected products - McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7
CVE no - CVE-2012-1454
- 'vMinor' field in CAB files is parsed incorrectly.
If an infected CAB file's version field is incremented by 1 it evades detection.
Affected products - NOD32 5795, Rising 22.83.00.03
CVE no - CVE-2012-1455
- A specially crafted ZIP file, created by concatenating the contents of a clean TAR archive and a virus-infected ZIP archive, is parsed incorrectly and evades detection.
Affected products - AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004
CVE no - CVE-2012-1456
- If the length field in the header of a file with test EICAR virus included into a TAR archive is set to be greater than the archive's total length (1,000,000+original length in our experiments), the antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program.
Affected products - AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0
CVE no - CVE-2012-1457
- A Windows Compiled HTML Help (CHM) file is a set of HTML files, scripts, and images compressed using the LZX algorithm. For faster random accesses, the algorithm is reset at intervals instead of compressing the entire file as a single stream. The length of each interval is specified in the LZXC header.
If an infected CHM file's header modified so that the reset interval is lower than in the original file, the antivirus declares the file to be clean. But the Windows CHM viewer hh.exe correctly decompresses the infected content located before the tampered header.
Affected products - ClamAV 0.96.4, Sophos 4.61.0
CVE no - CVE-2012-1458
- In a POSIX TAR archive, each member file has a 512-byte header protected by a simple checksum. Every header also contains a file length field, which is used by the extractor to locate the next header in the archive.
If a TAR archive contains two files: the first one is clean, while the second is infected with test EICAR virus - and it is modified such that the length field in the header of the first, clean file to point into the middle of the header of the second, infected file. The antivirus declares the file to be clean but virus gets extracted correctly by the GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, the antivirus declares the file to be clean but virus gets extracted by the gunzip+tar programs correctly by ignoring these bytes.
Affected products - Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, VBA32 3.12.14.2
CVE no - CVE-2012-1460
- GZIP files can contain multiple compressed streams, which are assembled when the contents are extracted. If an infected .tar.gz file is broken into two streams, the antivirus declares the infected .tar.gz file to be clean while tar+gunzip extract the virus correctly
Affected products - AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2
CVE no - CVE-2012-1461
- If an infected ZIP archive is prepended with 1024 random bytes at the beginning, the antivirus declares the file to be clean but virus gets extracted by the unzip program correctly by skipping these bytes
Affected products - AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, Symantec 20101.3.0.103
CVE no - CVE-2012-1462
- In most ELF files, the 5th byte of the header indicates endianness: 01 for little-endian, 02 for bigendian. Linux kernel, however, does not check this field before loading an ELF file. If an infected ELF file's 5-th byte is set to 02, the antivirus declares the file to be clean but the ELF file gets executed correctly.
Affected products - AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7
CVE no - CVE-2012-1463
Credits
Vulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov.
References
"Abusing File Processing in Malware Detectors for Fun and Profit" by Suman Jana and Vitaly Shmatikov To appear in IEEE Symposium on Security and Privacy 2012 http://www.ieee-security.org/TC/SP2012/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201203-0367",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "antivirus",
"scope": "eq",
"trust": 2.1,
"vendor": "comodo",
"version": "7424"
},
{
"model": "avl sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "antiy",
"version": "2.0.3.7"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "authentium",
"version": "5.2.11.5"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "avg",
"version": "10.0.0.1190"
},
{
"model": "bitdefender",
"scope": "eq",
"trust": 1.8,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.8,
"vendor": "clamav",
"version": "0.96.4"
},
{
"model": "anti-malware",
"scope": "eq",
"trust": 1.8,
"vendor": "emsisoft",
"version": "5.1.0.1"
},
{
"model": "virus utilities t3 command line scanner",
"scope": "eq",
"trust": 1.8,
"vendor": "ikarus",
"version": "1.1.97.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "jiangmin",
"version": "13.0.900"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "pc tools",
"version": "7.0.3.5"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 1.8,
"vendor": "virusbuster",
"version": "13.6.151.0"
},
{
"model": "esafe",
"scope": "eq",
"trust": 1.8,
"vendor": "aladdin",
"version": "7.0.17.0"
},
{
"model": "f-secure anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "kaspersky",
"version": "7.0.0.125"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 1.8,
"vendor": "sophos",
"version": "4.61.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.8,
"vendor": "fortinet",
"version": "4.2.254.0"
},
{
"model": "security essentials",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.0"
},
{
"model": "scan engine",
"scope": "eq",
"trust": 1.8,
"vendor": "mcafee",
"version": "5.400.0.1158"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 1.6,
"vendor": "symantec",
"version": "11.0"
},
{
"model": "housecall",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "f prot",
"version": "4.6.2.117"
},
{
"model": "antivirus \\\u0026 antispyware",
"scope": "eq",
"trust": 1.0,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "vba32",
"scope": "eq",
"trust": 1.0,
"vendor": "anti virus",
"version": "3.12.14.2"
},
{
"model": "gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "panda antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "pandasecurity",
"version": "10.0.2.7"
},
{
"model": "nod32 antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivir",
"scope": "eq",
"trust": 1.0,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "quick heal",
"scope": "eq",
"trust": 1.0,
"vendor": "cat",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "k7computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "rising global",
"version": "22.83.00.03"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "5.0.677.0"
},
{
"model": "avast antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "alwil",
"version": "4.8.1351.0"
},
{
"model": "trend micro antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "trendmicro",
"version": "9.120.0.1004"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 1.0,
"vendor": "ahnlab",
"version": "2011.01.18.00"
},
{
"model": "g data antivirus",
"scope": "eq",
"trust": 1.0,
"vendor": "gdata",
"version": "21"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "4.8.1351.0"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "avast s r o",
"version": "5.0.677.0"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "avira",
"version": "7.11.1.163"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "rising",
"version": "22.83.00.03"
},
{
"model": "nod32 anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "eset",
"version": "5795"
},
{
"model": "f-prot antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "frisk",
"version": "4.6.2.117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "g data",
"version": "21"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "k7 computing",
"version": "9.77.3565"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "norman",
"version": "6.06.12"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.8,
"vendor": "nprotect",
"version": "2011-01-17.01"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "panda security",
"version": "10.0.2.7"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.8,
"vendor": "virusblokada",
"version": "3.12.14.2"
},
{
"model": "v3 internet security",
"scope": "eq",
"trust": 0.8,
"vendor": "unlab",
"version": "2011.01.18.00"
},
{
"model": "heal",
"scope": "eq",
"trust": 0.8,
"vendor": "quick heal k k",
"version": "11.00"
},
{
"model": "endpoint protection",
"scope": "eq",
"trust": 0.8,
"vendor": "symantec",
"version": "11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.8,
"vendor": "trend micro",
"version": "9.120.0.1004"
},
{
"model": "web gateway software",
"scope": "eq",
"trust": 0.8,
"vendor": "mcafee",
"version": "2010.1c"
},
{
"model": "vba32",
"scope": "eq",
"trust": 0.3,
"vendor": "virusblokada",
"version": "3.12.142"
},
{
"model": "virusbuster",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "13.6.1510"
},
{
"model": "trend micro",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "housecall",
"scope": "eq",
"trust": 0.3,
"vendor": "trend micro",
"version": "9.1201004"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "symantec",
"version": "20101.3103"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "sophos",
"version": "4.61"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "rising",
"version": "22.8303"
},
{
"model": "cat-quickheal",
"scope": "eq",
"trust": 0.3,
"vendor": "quick heal",
"version": "11.00"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "pctools",
"version": "7.0.35"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "panda",
"version": "10.0.27"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "norman",
"version": "6.6.12"
},
{
"model": "mcafee-gw-edition 2010.1c",
"scope": null,
"trust": 0.3,
"vendor": "mcafee",
"version": null
},
{
"model": "computing pvt ltd k7antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "k7",
"version": "9.77.3565"
},
{
"model": "nprotect",
"scope": "eq",
"trust": 0.3,
"vendor": "inca",
"version": "2011-01-17.01"
},
{
"model": "antivirus t3.1.1.97.0",
"scope": null,
"trust": 0.3,
"vendor": "ikarus",
"version": null
},
{
"model": "data software gdata",
"scope": "eq",
"trust": 0.3,
"vendor": "g",
"version": "21"
},
{
"model": "software f-prot antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "frisk",
"version": "4.6.2117"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "fortinet",
"version": "4.2.2540"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "f secure",
"version": "9.0.16160.0"
},
{
"model": "nod32",
"scope": "eq",
"trust": 0.3,
"vendor": "eset",
"version": "5795"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "esafe",
"version": "7.0.170"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "emsisoft",
"version": "5.11"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "bitdefender",
"version": "7.2"
},
{
"model": "antivir engine",
"scope": "eq",
"trust": 0.3,
"vendor": "avira",
"version": "7.11.1163"
},
{
"model": "anti-virus",
"scope": "eq",
"trust": 0.3,
"vendor": "avg",
"version": "10.01190"
},
{
"model": "avast5 antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "5.0.6770"
},
{
"model": "antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "avast",
"version": "4.8.1351.0"
},
{
"model": "command antivirus",
"scope": "eq",
"trust": 0.3,
"vendor": "authentium",
"version": "5.2.115"
},
{
"model": "antiy-avl",
"scope": "eq",
"trust": 0.3,
"vendor": "antiy",
"version": "2.0.37"
},
{
"model": "engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ahnlab",
"version": "v32011.01.18.00"
}
],
"sources": [
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:antiy:avl_sdk",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:authentium:command_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avast:avast_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avg:avg_anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:avira:antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:rising-global:rising_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:bitdefender:bitdefender",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:clamav:clamav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:comodo:comodo_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:emsisoft:anti-malware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:eset:nod32_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f-prot:f-prot_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:gdata-software:g_data_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ikarus:ikarus_virus_utilities_t3_command_line_scanner",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:jiangmin:jiangmin_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:k7computing:antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:norman:norman_antivirus_%26_antispyware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nprotect:nprotect_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pandasecurity:panda_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:pc_tools:pc_tools_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:anti-virus:vba32",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:virusbuster:virusbuster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:aladdin:esafe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ahnlab:v3_internet_security",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:f-secure:anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:kaspersky:kaspersky_anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:quick_heal:quick_heal",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:symantec:endpoint_protection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sophos:anti-virus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:trend_micro_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:trendmicro:housecall",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fortinet:fortinet_antivirus",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:microsoft:security_essentials",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:scan_engine",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:mcafee:web_gateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Suman Jana and Vitaly Shmatikov",
"sources": [
{
"db": "BID",
"id": "52612"
}
],
"trust": 0.3
},
"cve": "CVE-2012-1443",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2012-1443",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-54724",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-1443",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-1443",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201203-407",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-54724",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. Multiple products RAR A file parser contains a vulnerability that can prevent malware detection. Different RAR If it is announced that there is also a problem with the parser implementation, this vulnerability can be CVE May be split.By the attacker, MZ Has a character sequence starting with RAR Malware detection may be avoided via files. \nSuccessful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection. Sophos Anti-Virus is a set of anti-virus software for various operating systems from Sophos, UK. The software detects and removes viruses, spyware, trojans and worms in real time, ensuring comprehensive network protection for desktops and laptops. Multiple file-parsing vulnerabilities leading to evasion in different antivirus(AV) products. All \naffected products are command-line versions of \nthe AVs. \n\n----------------------------\nVulnerability Descriptions\n----------------------------\n\n1. Specially crafted infected POSIX TAR files with \"[aliases]\" as first 9 bytes \n evades detection. \n\n Affected products -\n ClamAV 0.96.4, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1419\n\n2. Specially crafted infected POSIX TAR files with \"\\7fELF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n Fortinent 4.2.254.0, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1420\n\n3. Specially crafted infected POSIX TAR files with \"MSCF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Rising 22.83.00.03, \n Symantec 20101.3.0.103\n\n CVE no - \n CVE-2012-1421\n\n4. Specially crafted infected POSIX TAR files with \"ITSF\" as first 4 bytes \n evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, NOD32 5795, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1422\n\n5. Specially crafted infected POSIX TAR files with \"MZ\" as first 2 bytes \n evades detection. \n\n Affected products -\n Command 5.2.11.5, Emsisoft 5.1.0.1, F-Prot 4.6.2.117, Fortinent 4.2.254.0, \n Ikarus T3.1.1.97.0, K7AntiVirus 9.77.3565, NOD32 5795, Norman 6.06.12, \n PCTools 7.0.3.5, Rising 22.83.00.03, VirusBuster 13.6.151.0\n\n CVE no - \n CVE-2012-1423\n\n6. Specially crafted infected POSIX TAR files with \"\\19\\04\\00\\10\" at offset 8\n evades detection. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Jiangmin 13.0.900, Norman 6.06.12, \n PCTools 7.0.3.5, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1424\n\n\n7. Specially crafted infected POSIX TAR files with \"\\50\\4B\\03\\04\" as the first\n 4 bytes evades detection. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Emsisoft 5.1.0.1,\n Fortinet 4.2.254.0, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004 \n\n CVE no - \n CVE-2012-1425\n\n8. Specially crafted infected POSIX TAR files with \"\\42\\5A\\68\" as the first\n 3 bytes evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Command 5.2.11.5, F-Prot 4.6.2.117, \n K7AntiVirus 9.77.3565, Norman 6.06.12, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1426\n\n\n9. Specially crafted infected POSIX TAR files with \"\\57\\69\\6E\\5A\\69\\70\" at \n offset 29 evades detection. \n\n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1427\n\n10. Specially crafted infected POSIX TAR files with \"\\4a\\46\\49\\46\" at offset 6\n evades detection. \n \n Affected products -\n CAT-QuickHeal 11.00, Norman 6.06.12, Sophos 4.61.0\n\n CVE no - \n CVE-2012-1428\n\n11. Specially crafted infected ELF files with \"ustar\" at offset 257\n evades detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n F-Secure 9.0.16160.0, Ikarus T3.1.1.97.0, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01 \n\n CVE no - \n CVE-2012-1429\n12. Specially crafted infected ELF files with \"\\19\\04\\00\\10\" at offset 8 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Comodo 7424, eSafe 7.0.17.0, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, nProtect 2011-01-17.01, \n Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1430\n13. Specially crafted infected ELF files with \"\\4a\\46\\49\\46\" at offset 6 evades\n detection. \n\n Affected products -\n BitDefender 7.2, Command 5.2.11.5, Comodo 7424, eSafe 7.0.17.0, \n F-Prot 4.6.2.117, F-Secure 9.0.16160.0, McAfee-GW-Edition 2010.1C, \n nProtect 2011-01-17.01, Sophos 4.61.0, Rising 22.83.00.03\n\n CVE no - \n CVE-2012-1431\n\n14. Specially crafted infected MS EXE files with \"\\57\\69\\6E\\5A\\69\\70\" at offset\n 29 evades detection. \n\n Affected products -\n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1432\n\n15. Specially crafted infected MS EXE files with \"\\4a\\46\\49\\46\" at offset\n 6 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1433\n\n16. Specially crafted infected MS EXE files with \"\\19\\04\\00\\10\" at offset\n 8 evades detection. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, \n Panda 10.0.2.7\n \n CVE no - \n CVE-2012-1434\n\n17. Specially crafted infected MS EXE files with \"\\50\\4B\\4C\\49\\54\\45\" at \n offset 30 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1435\n\n18. Specially crafted infected MS EXE files with \"\\2D\\6C\\68\" at \n offset 2 evades detection. \n \n Affected products - \n AhnLab-V3 2011.01.18.00, Emsisoft 5.1.0.1, eSafe 7.0.17.0, \n Ikarus T3.1.1.97.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1436\n\n19. Specially crafted infected MS Office files with \"\\50\\4B\\53\\70\\58\" at \n offset 526 evades detection. \n \n Affected products - \n Comodo 7425\n \n CVE no - \n CVE-2012-1437\n\n20. Specially crafted infected MS Office files with \"ustar\" at \n offset 257 evades detection. \n\n Affected products - \n Comodo 7425, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1438\n\n21. \u0027padding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s padding field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.17.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1439\n\n22. \u0027identsize\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s identsize field is incremented by 1 it evades\n detection. \n\n Affected products - \n Norman 6.06.12, eSafe 7.0.17.0, eTrust-Vet 36.1.8511, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1440\n\n23. \u0027e_ip\u0027 and \u0027e_res\u0027 field in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n Prevx 3.0\n\n \u0027e_minalloc\u0027, \u0027e_res2\u0027,\u0027e_cparhdr\u0027, \u0027e_crlc\u0027, \u0027e_lfarlc\u0027,\u0027e_maxalloc\u0027,\n \u0027e_oeminfo\u0027, \u0027e_ovno\u0027, \u0027e_cs\u0027, \u0027e_csum\u0027,\u0027e_sp\u0027, \u0027e_ss\u0027, \u0027e_cblp\u0027 and \n \u0027e_oemid\u0027 fields in MS EXE files are parsed incorrectly. \n If any of these fields in an infected MS EXE file is incremented by 1 \n it evades detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0\n\n\n CVE no - \n CVE-2012-1441\n\n24. \u0027class\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s class field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n eSafe 7.0.017.0, Kaspersky 7.0.0.125, F-Secure 9.0.16160.0, \n Sophos 4.61.0, Antiy-AVL 2.0.3.7, Rising 22.83.00.03, Fortinet 4.2.254.0, \n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1442\n\n25. Infected RAR files with initial two bytes set to \u0027MZ\u0027 can be fixed by the \n user and correctly extracted. Such a file evades detection. \n \n Affected products -\n ClamAV 0.96.4, Rising 22.83.00.03, CAT-QuickHeal 11.00, GData 21, \n Symantec 20101.3.0.103, Command 5.2.11.5, Ikarus T3.1.1.97.0, \n Emsisoft 5.1.0.1, PCTools 7.0.3.5, F-Prot 4.6.2.117, \n VirusBuster 13.6.151.0, Fortinent 4.2.254.0, Antiy-AVL 2.0.3.7, \n K7AntiVirus 9.77.3565, TrendMicro-HouseCall 9.120.0.1004,Kaspersky 7.0.0.125 \n Jiangmin 13.0.900. Microsoft 1.6402, Sophos 4.61.0, NOD32 5795, AntiVir 7.11.1.163, \n Norman 6.06.12, McAfee 5.400.0.1158, Panda 10.0.2.7, McAfee-GW-Edition 2010.1C, \n TrendMicro 9.120.0.1004, Comodo 7424, BitDefender 7.2, eSafe 7.0.17.0, F-Secure 9.0.16160.0\n nProtect 2011-01-17.01, AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, Avast 4.8.1351.0, \n Avast5 5.0.677.0, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1443\n\n26. \u0027abiversion\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abiversion field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Prevx 3.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1444\n\n27. \u0027abi\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s abi field is incremented by 1 it evades\n detection. \n\n Affected products - \n eSafe 7.0.017.0, Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1445\n\n28. \u0027encoding\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s encoding field is incremented by 1 it evades\n detection. \n\n Affected products - \n CAT-QuickHeal 11.00, McAfee 5.400.0.1158, Symantec 20101.3.0.103, \n Norman 6.06.12, eSafe 7.0.017.0, Kaspersky 7.0.0.125, \n McAfee-GW-Edition 2010.1C, Sophos 4.61.0, eTrust-Vet 36.1.8511, \n Antiy-AVL 2.0.3.7, PCTools 7.0.3.5, Rising 22.83.00.03, Fortinet 4.2.254.0,\n Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1446\n\n29. \u0027e_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s e_version field is incremented by 1 it evades\n detection. \n\n Affected products -\n Fortinet 4.2.254.0, eSafe 7.0.017.0, DrWeb 5.0.2.03300, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1447\n\n30. \u0027cbCabinet\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s cbCabinet field is incremented by 1 it evades\n detection. \n\n Affected products -\n CAT-QuickHeal 11.00, TrendMicro 9.120.0.1004, Ikarus T3.1.1.97.0\n TrendMicro-HouseCall 9.120.0.1004, Emsisoft 5.1.0.1 \n\n CVE no - \n CVE-2012-1448\n\n31. \u0027vMajor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s vMajor field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1449\n\n32. \u0027reserved3\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Sophos 4.61.0, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1450\n\n33. \u0027reserved2\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved2 field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0\n \n CVE no - \n CVE-2012-1451\n\n34. \u0027reserved1\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s reserved field is incremented by 1 it evades\n detection. \n\n Affected products -\n Emsisoft 5.1.0.1, Ikarus T3.1.1.97.0, CAT-QuickHeal 11.00\n \n CVE no - \n CVE-2012-1452\n\n35. \u0027coffFiles\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s coffFiles field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.2.03300, TrendMicro-HouseCall 9.120.0.1004, Kaspersky 7.0.0.125, \n Sophos 4.61.0, TrendMicro 9.120.0.1004, McAfee-GW-Edition 2010.1C,\n Emsisoft 5.1.0.1, eTrust-Vet 36.1.8511, Antiy-AVL 2.0.3.7, Microsoft 1.6402,\n Rising 22.83.00.03, Ikarus T3.1.1.97.0, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1453\n\n36. \u0027ei_version\u0027 field in ELF files is parsed incorrectly. \n If an infected ELF file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n McAfee 5.0.02.03300, eSafe 7.0.17.0, McAfee-GW-Edition 2010.1C, \n Rising 22.83.00.03, Fortinet 4.2.254.0, Panda 10.0.2.7\n\n CVE no - \n CVE-2012-1454\n\n37. \u0027vMinor\u0027 field in CAB files is parsed incorrectly. \n If an infected CAB file\u0027s version field is incremented by 1 it evades\n detection. \n\n Affected products -\n NOD32 5795, Rising 22.83.00.03\n \n CVE no - \n CVE-2012-1455\n\n38. A specially crafted ZIP file, created by concatenating the contents \n of a clean TAR archive and a virus-infected ZIP archive, is parsed \n incorrectly and evades detection. \n\n Affected products -\n AVG 10.0.0.1190, CAT-QuickHeal 11.00, Comodo 7424, Emsisoft 5.1.0.1,\n eSafe 7.0.17.0, F-Prot 4.6.2.117,Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, McAfee 5.400.0.1158, \n McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, Panda 10.0.2.7, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004\n\n CVE no - \n CVE-2012-1456\n\n39. If the length field in the header of a file with test EICAR virus\n included into a TAR archive is set to be greater than the archive\u0027s total \n length (1,000,000+original length in our experiments), the antivirus \n declares the file to be clean but virus gets extracted correctly by the \n GNU tar program. \n\n Affected products -\n AntiVir 7.11.1.163, Antiy-AVL 2.0.3.7, Avast 4.8.1351.0, Avast5 5.0.677.0, \n AVG 10.0.0.1190, BitDefender 7.2, CAT-QuickHeal 11.00, ClamAV 0.96.4, \n Command 5.2.11.5, Emsisoft 5.1.0.1, eSafe 7.0.17.0, F-Prot 4.6.2.117, \n GData 21, Ikarus T3.1.1.97.0, Jiangmin 13.0.900, K7AntiVirus 9.77.3565, \n Kaspersky 7.0.0.125, McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, \n Microsoft 1.6402, NOD32 5795, Norman 6.06.12, PCTools 7.0.3.5, \n Rising 22.83.00.03, Symantec 20101.3.0.103, TrendMicro 9.120.0.1004, \n TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2, VirusBuster 13.6.151.0 \n\n CVE no - \n CVE-2012-1457\n\n40. A Windows Compiled HTML Help (CHM) file is a set of HTML files,\n scripts, and images compressed using the LZX algorithm. \n For faster random accesses, the algorithm is reset at intervals\n instead of compressing the entire file as a single stream. The\n length of each interval is specified in the LZXC header. \n\n If an infected CHM file\u0027s header modified so that the reset interval\n is lower than in the original file, the antivirus declares the file\n to be clean. But the Windows CHM viewer hh.exe correctly decompresses\n the infected content located before the tampered header. \n\n Affected products -\n ClamAV 0.96.4, Sophos 4.61.0 \n\n CVE no - \n CVE-2012-1458\n\n41. In a POSIX TAR archive, each member file has a 512-byte header protected\n by a simple checksum. Every header also contains a file length field, which\n is used by the extractor to locate the next header in the archive. \n\n If a TAR archive contains two files: the first one is clean, while\n the second is infected with test EICAR virus - and it is modified such that \n the length field in the header of the first, clean file to point into the \n middle of the header of the second, infected file. The antivirus declares \n the file to be clean but virus gets extracted correctly by the \n GNU tar program. If an infected tar.gz archive is appended 6 random bytes at the end, \n the antivirus declares the file to be clean but virus gets extracted by\n the gunzip+tar programs correctly by ignoring these bytes. \n\n Affected products -\n Antiy-AVL 2.0.3.7, CAT-QuickHeal 11.00, Command 5.2.11.5, \n eSafe 7.0.17.0, F-Prot 4.6.2.117, Jiangmin 13.0.900, \n K7AntiVirus 9.77.3565, VBA32 3.12.14.2 \n \n CVE no - \n CVE-2012-1460\n\n43. GZIP files can contain multiple compressed streams, which are assembled\n when the contents are extracted. If an infected .tar.gz file is broken \n into two streams, the antivirus declares the infected .tar.gz file to \n be clean while tar+gunzip extract the virus correctly\n\n Affected products -\n AVG 10.0.0.1190, BitDefender 7.2, Command 5.2.11.5, Emsisoft 5.1.0.1, \n F-Secure 9.0.16160.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, K7AntiVirus 9.77.3565, Kaspersky 7.0.0.125, \n McAfee 5.400.0.1158, McAfee-GW-Edition 2010.1C, NOD32 5795, Norman 6.06.12, \n Rising 22.83.00.03, Sophos 4.61.0, Symantec 20101.3.0.103, \n TrendMicro 9.120.0.1004, TrendMicro-HouseCall 9.120.0.1004, VBA32 3.12.14.2 \n\n CVE no - \n CVE-2012-1461\n\n44. If an infected ZIP archive is prepended with 1024 random bytes at the \n beginning, the antivirus declares the file to be clean but virus gets extracted\n by the unzip program correctly by skipping these bytes\n\n Affected products -\n AhnLab-V3 2011.01.18.00, AVG 10.0.0.1190, CAT-QuickHeal 11.00, \n Emsisoft 5.1.0.1, eSafe 7.0.17.0, Fortinent 4.2.254.0, Ikarus T3.1.1.97.0, \n Jiangmin 13.0.900, Kaspersky 7.0.0.125, Norman 6.06.12, Sophos 4.61.0, \n Symantec 20101.3.0.103 \n\n CVE no - \n CVE-2012-1462\n\n45. In most ELF files, the 5th byte of the header indicates endianness: 01\n for little-endian, 02 for bigendian. Linux kernel, however, does not\n check this field before loading an ELF file. If an infected ELF file\u0027s 5-th \n byte is set to 02, the antivirus declares the file to be clean but the ELF \n file gets executed correctly. \n\n Affected products -\n AhnLab-V3 2011.01.18.00, BitDefender 7.2, CAT-QuickHeal 11.00, Command 5.2.11.5, \n Comodo 7424, eSafe 7.0.17.0, F-Prot 4.6.2.117, F-Secure 9.0.16160.0, \n McAfee 5.400.0.1158, Norman 6.06.12, nProtect 2011-01-17.01, Panda 10.0.2.7 \n\n CVE no - \n CVE-2012-1463\n\n--------\nCredits\n--------\nVulnerabilities found and advisory written by Suman Jana and Vitaly Shmatikov. \n\n-----------\nReferences\n-----------\n\"Abusing File Processing in Malware Detectors for Fun and Profit\" by Suman Jana and Vitaly Shmatikov\nTo appear in IEEE Symposium on Security and Privacy 2012\nhttp://www.ieee-security.org/TC/SP2012/ \n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-1443"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "PACKETSTORM",
"id": "110990"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-1443",
"trust": 2.9
},
{
"db": "BID",
"id": "52612",
"trust": 1.4
},
{
"db": "OSVDB",
"id": "80469",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80461",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80454",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80455",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80467",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80468",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80471",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80456",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80459",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80472",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80470",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80457",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80460",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "80458",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20120319 EVASION ATTACKS EXPOLITING FILE-PARSING VULNERABILITIES IN ANTIVIRUS PRODUCTS",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "19198",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-54724",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110990",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"id": "VAR-201203-0367",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T22:49:45.346000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "AVL SDK",
"trust": 0.8,
"url": "http://www.antiy.net/en/avlsdk.html"
},
{
"title": "Command Antivirus",
"trust": 0.8,
"url": "http://www.authentium.com/command/CSAVDownload.html"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.avast.co.jp/index"
},
{
"title": "AVG Anti-Virus",
"trust": 0.8,
"url": "http://www.avgjapan.com/home-small-office-security/buy-antivirus"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.avira.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.rising-global.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.bitdefender.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.clamav.net/lang/en/"
},
{
"title": "Comodo Antivirus",
"trust": 0.8,
"url": "http://www.comodo.com/home/internet-security/antivirus.php"
},
{
"title": "Emsisoft Anti-Malware",
"trust": 0.8,
"url": "http://www.emsisoft.com/en/software/antimalware/"
},
{
"title": "ESET NOD32\u30a2\u30f3\u30c1\u30a6\u30a4\u30eb\u30b9",
"trust": 0.8,
"url": "http://www.eset.com/us/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.fortinet.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.f-prot.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.gdata.co.jp/"
},
{
"title": "IKARUS virus.utilities",
"trust": 0.8,
"url": "http://www.ikarus.at/en/ngo-gov/products/virus_utilities/index.html"
},
{
"title": "Jiangmin Antivirus",
"trust": 0.8,
"url": "http://global.jiangmin.com/"
},
{
"title": "K7 AntiVirus",
"trust": 0.8,
"url": "http://www.k7computing.com/en/Product/k7-antivirusplus.php"
},
{
"title": "MacAfee Scan Engine",
"trust": 0.8,
"url": "http://www.mcafee.com/us/support/support-eol-scan-engine.aspx"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.norman.com/"
},
{
"title": "nProtect Anti-Virus",
"trust": 0.8,
"url": "http://global.nprotect.com/product/avs.php"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ps-japan.co.jp/"
},
{
"title": "PC Tools AntiVirus",
"trust": 0.8,
"url": "http://www.pctools.com/jp/spyware-doctor-antivirus/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.quickheal.com/"
},
{
"title": "Endpoint Protection",
"trust": 0.8,
"url": "http://www.symantec.com/ja/jp/endpoint-protection"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/home/"
},
{
"title": "Trend Micro HouseCall",
"trust": 0.8,
"url": "http://jp.trendmicro.com/jp/tools/housecall/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://anti-virus.by/en"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.virusbuster.hu/en"
},
{
"title": "eSafe",
"trust": 0.8,
"url": "http://www.aladdin.co.jp/esafe/"
},
{
"title": "V3 Internet Security",
"trust": 0.8,
"url": "http://www.ahnlab.co.jp/product_service/product/b2b/v3is8.asp"
},
{
"title": "Kaspersky Anti-Virus",
"trust": 0.8,
"url": "http://www.kaspersky.com/kaspersky_anti-virus"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sophos.com"
},
{
"title": "Microsoft Security Essentials",
"trust": 0.8,
"url": "http://windows.microsoft.com/ja-JP/windows/products/security-essentials"
},
{
"title": "McAfee Web Gateway",
"trust": 0.8,
"url": "http://www.mcafee.com/japan/products/web_gateway.asp"
},
{
"title": "F-Secure Anti-Virus",
"trust": 0.8,
"url": "http://www.f-secure.com/ja/web/home_jp/protection/anti-virus/overview"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"trust": 1.7,
"url": "http://www.ieee-security.org/tc/sp2012/program.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/52612"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80454"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80455"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80456"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80457"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80458"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80459"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80460"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80461"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80467"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80468"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80469"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80470"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80471"
},
{
"trust": 1.1,
"url": "http://osvdb.org/80472"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1443"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1443"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/19198"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2012/mar/88"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1419"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1439"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1426"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1429"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1436"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1440"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1432"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1438"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1428"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1446"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1443"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1444"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1441"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1421"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1430"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1435"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1424"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1431"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1425"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1423"
},
{
"trust": 0.1,
"url": "http://www.ieee-security.org/tc/sp2012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1442"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1433"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1420"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1427"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-1437"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-54724"
},
{
"db": "BID",
"id": "52612"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"db": "PACKETSTORM",
"id": "110990"
},
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
},
{
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-54724"
},
{
"date": "2012-03-20T00:00:00",
"db": "BID",
"id": "52612"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"date": "2012-03-19T23:51:01",
"db": "PACKETSTORM",
"id": "110990"
},
{
"date": "2012-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-407"
},
{
"date": "2012-03-21T10:11:48.083000",
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-54724"
},
{
"date": "2015-03-19T08:41:00",
"db": "BID",
"id": "52612"
},
{
"date": "2012-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001895"
},
{
"date": "2012-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201203-407"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-1443"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple products RAR Vulnerability that prevents file parsers from detecting malware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001895"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201203-407"
}
],
"trust": 0.6
}
}
VAR-202205-0218
Vulnerability from variot - Updated: 2024-11-23 21:58On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20771",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-20771",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405324",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20771",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20771",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20771",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20771",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20771",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2064",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405324",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20771",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20771",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64262",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405324",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"id": "VAR-202205-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.572000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191378"
},
{
"title": "Cisco: ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-ZAZBwRVG"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20771"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-zazbwrvg"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20771/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-zazbwrvg"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405324"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"date": "2022-05-04T17:15:08.440000",
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405324"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"date": "2023-08-16T04:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"date": "2024-11-21T06:43:31.423000",
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
],
"trust": 0.6
}
}
VAR-202205-0215
Vulnerability from variot - Updated: 2024-11-23 21:58On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. Clam AntiVirus (ClamAV) for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0215",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.4"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20796",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20796",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-405349",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2022-20796",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.0,
"id": "CVE-2022-20796",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20796",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20796",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20796",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-20796",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2060",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-405349",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2022-20796",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. Clam AntiVirus (ClamAV) for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20796",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64259",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405349",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20796",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"id": "VAR-202205-0215",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.529000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243165"
},
{
"title": "Cisco: ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-vL9x58p4"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-20796"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20796"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.0
},
{
"problemtype": "CWE-822",
"trust": 1.0
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-119",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-vl9x58p4"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20796/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405349"
},
{
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405349"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"date": "2023-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"date": "2022-05-04T17:15:08.797000",
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405349"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20796"
},
{
"date": "2023-08-14T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2022-010228"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2060"
},
{
"date": "2024-11-21T06:43:34.413000",
"db": "NVD",
"id": "CVE-2022-20796"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Clam\u00a0AntiVirus\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2060"
}
],
"trust": 0.6
}
}
VAR-202205-0220
Vulnerability from variot - Updated: 2024-11-23 21:58On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "lt",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "clamav",
"scope": "lt",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20785",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-20785",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405338",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20785",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20785",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20785",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20785",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20785",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2063",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405338",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20785",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20785",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64260",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405338",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20785",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"id": "VAR-202205-0220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.437000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191377"
},
{
"title": "Cisco: ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-html-XAuOK8mR"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2022-20785"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20785"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-html-xauok8mr"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20785/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405338"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"date": "2023-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"date": "2022-05-04T17:15:08.680000",
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405338"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"date": "2023-08-14T07:56:00",
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"date": "2024-11-21T06:43:33.120000",
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability regarding lack of memory release after expiration in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
],
"trust": 0.6
}
}
VAR-202205-0219
Vulnerability from variot - Updated: 2024-11-23 21:58On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2022-20770",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405323",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20770",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2022-20770",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20770",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-20770",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20770",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-20770",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2065",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405323",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20770",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20770",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64261",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405323",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"id": "VAR-202205-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:58:17.387000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=191379"
},
{
"title": "Cisco: ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-prVGcHLd"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2022-20770"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=ALAS-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/AlphabugX/CVE-2022-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20770/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405323"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"date": "2022-05-04T17:15:08.377000",
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405323"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"date": "2023-08-16T04:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"date": "2024-11-21T06:43:31.263000",
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
],
"trust": 0.6
}
}
VAR-202001-0770
Vulnerability from variot - Updated: 2024-11-23 21:26A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. Clam AntiVirus (ClamAV) software Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. A resource management error vulnerability exists in Clam AntiVirus versions prior to 0.102.1 and versions prior to 0.101.5. ========================================================================= Ubuntu Security Notice USN-4230-2 January 23, 2020
clamav vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
ClamAV could be made to crash if it opened a specially crafted file.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled certain MIME messages.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: clamav 0.102.1+dfsg-0ubuntu0.14.04.1+esm1
Ubuntu 12.04 ESM: clamav 0.102.1+dfsg-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4230-2 https://usn.ubuntu.com/4230-1 CVE-2019-15961 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-46
https://security.gentoo.org/
Severity: Low Title: ClamAV: Multiple vulnerabilities Date: March 19, 2020 Bugs: #702010, #708424 ID: 202003-46
Synopsis
Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition.
Background
ClamAV is a GPL virus scanner.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-antivirus/clamav < 0.102.2 >= 0.102.2
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.102.2"
References
[ 1 ] CVE-2019-15961 https://nvd.nist.gov/vuln/detail/CVE-2019-15961 [ 2 ] CVE-2020-3123 https://nvd.nist.gov/vuln/detail/CVE-2020-3123
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-46
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0770",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clamav",
"scope": "lte",
"trust": 1.8,
"vendor": "clamav",
"version": "0.101.4"
},
{
"model": "clamav",
"scope": "eq",
"trust": 1.8,
"vendor": "clamav",
"version": "0.102.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1.1-042"
},
{
"model": "email security appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.1.2-023"
},
{
"model": "e email security appliance",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:clamav:clamav",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:email_security_appliance_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu,Tomasz Kojm,Gentoo",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
}
],
"trust": 0.6
},
"cve": "CVE-2019-15961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-15961",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-148060",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-15961",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15961",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15961",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15961",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-15961",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15961",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1262",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-148060",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-15961",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148060"
},
{
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
},
{
"db": "NVD",
"id": "CVE-2019-15961"
},
{
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. Clam AntiVirus (ClamAV) software Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. A resource management error vulnerability exists in Clam AntiVirus versions prior to 0.102.1 and versions prior to 0.101.5. =========================================================================\nUbuntu Security Notice USN-4230-2\nJanuary 23, 2020\n\nclamav vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nClamAV could be made to crash if it opened a specially crafted file. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-4230-1 fixed a vulnerability in ClamAV. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled certain MIME messages. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n clamav 0.102.1+dfsg-0ubuntu0.14.04.1+esm1\n\nUbuntu 12.04 ESM:\n clamav 0.102.1+dfsg-0ubuntu0.12.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://usn.ubuntu.com/4230-2\n https://usn.ubuntu.com/4230-1\n CVE-2019-15961\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202003-46\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Low\n Title: ClamAV: Multiple vulnerabilities\n Date: March 19, 2020\n Bugs: #702010, #708424\n ID: 202003-46\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in ClamAV, the worst of which\ncould result in a Denial of Service condition. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-antivirus/clamav \u003c 0.102.2 \u003e= 0.102.2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.102.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2019-15961\n https://nvd.nist.gov/vuln/detail/CVE-2019-15961\n[ 2 ] CVE-2020-3123\n https://nvd.nist.gov/vuln/detail/CVE-2020-3123\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-46\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15961"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "VULHUB",
"id": "VHN-148060"
},
{
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"db": "PACKETSTORM",
"id": "156073"
},
{
"db": "PACKETSTORM",
"id": "156831"
},
{
"db": "PACKETSTORM",
"id": "155883"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15961",
"trust": 2.9
},
{
"db": "PACKETSTORM",
"id": "155883",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156831",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "156073",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1262",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.0552",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4350",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4540",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0071.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0071",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.4568",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "155421",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-148060",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-15961",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148060"
},
{
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "PACKETSTORM",
"id": "156073"
},
{
"db": "PACKETSTORM",
"id": "156831"
},
{
"db": "PACKETSTORM",
"id": "155883"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
},
{
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"id": "VAR-202001-0770",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148060"
}
],
"trust": 0.53892258
},
"last_update_date": "2024-11-23T21:26:27.091000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 12380",
"trust": 0.8,
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380"
},
{
"title": "Cisco Bug: CSCvr56010 - Opened to track: ClamAV for Cisco Email Security Appliance (ESA) Denial of Service Vulnerability",
"trust": 0.8,
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010"
},
{
"title": "Clam AntiVirus Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108207"
},
{
"title": "Ubuntu Security Notice: clamav vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4230-1"
},
{
"title": "Ubuntu Security Notice: clamav vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4230-2"
},
{
"title": "Debian CVElist Bug Report Logs: new upstream version 0.102.1 to fix CVE-2019-15961",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8d35b8b88a91d7df7c4a2aec03a4e3d1"
},
{
"title": "Amazon Linux AMI: ALAS-2020-1335",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1335"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-15961 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-400",
"trust": 1.9
},
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148060"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://usn.ubuntu.com/4230-2/"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202003-46"
},
{
"trust": 1.8,
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380"
},
{
"trust": 1.8,
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/cscvr56010"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html"
},
{
"trust": 1.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15961"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15961"
},
{
"trust": 0.7,
"url": "https://usn.ubuntu.com/4230-1/"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193177-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193176-1.html"
},
{
"trust": 0.6,
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-201914236-1.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155421/clam-antivirus-toolkit-0.102.1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4350/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/155883/ubuntu-security-notice-usn-4230-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0071/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4568/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4412/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0071.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4540/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0552/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-denial-of-service-via-mime-messages-parsing-30920"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156831/gentoo-linux-security-advisory-202003-46.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/156073/ubuntu-security-notice-usn-4230-2.html"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4230-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/400.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110968"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4230-2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3123"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.16.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.19.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.18.04.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.1+dfsg-0ubuntu0.19.10.2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148060"
},
{
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "PACKETSTORM",
"id": "156073"
},
{
"db": "PACKETSTORM",
"id": "156831"
},
{
"db": "PACKETSTORM",
"id": "155883"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
},
{
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148060"
},
{
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"db": "PACKETSTORM",
"id": "156073"
},
{
"db": "PACKETSTORM",
"id": "156831"
},
{
"db": "PACKETSTORM",
"id": "155883"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
},
{
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-148060"
},
{
"date": "2020-01-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"date": "2020-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"date": "2020-01-23T19:19:09",
"db": "PACKETSTORM",
"id": "156073"
},
{
"date": "2020-03-19T22:01:09",
"db": "PACKETSTORM",
"id": "156831"
},
{
"date": "2020-01-08T16:53:54",
"db": "PACKETSTORM",
"id": "155883"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1262"
},
{
"date": "2020-01-15T19:15:13.317000",
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-19T00:00:00",
"db": "VULHUB",
"id": "VHN-148060"
},
{
"date": "2022-10-19T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15961"
},
{
"date": "2020-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014125"
},
{
"date": "2020-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1262"
},
{
"date": "2024-11-21T04:29:49.740000",
"db": "NVD",
"id": "CVE-2019-15961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "156073"
},
{
"db": "PACKETSTORM",
"id": "155883"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Clam AntiVirus software Vulnerabilities related to resource exhaustion",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014125"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1262"
}
],
"trust": 0.6
}
}
VAR-202005-0717
Vulnerability from variot - Updated: 2024-11-23 21:19A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Clam AntiVirus (ClamAV) The software contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. ========================================================================= Ubuntu Security Notice USN-4435-2 July 27, 2020
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled parsing ARJ archives. (CVE-2020-3327)
It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. (CVE-2020-3350)
It was discovered that ClamAV incorrectly handled parsing EGG archives. (CVE-2020-3481)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.14.04.1+esm1
Ubuntu 12.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4435-2 https://usn.ubuntu.com/4435-1 CVE-2020-3327, CVE-2020-3350, CVE-2020-3481
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0717",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "clam antivirus",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "0.102.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.8,
"vendor": "clamav",
"version": "0.102.2"
},
{
"model": "clam antivirus",
"scope": "eq",
"trust": 0.1,
"vendor": "cisco",
"version": "0.102.2"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:clamav:clamav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "158624"
},
{
"db": "PACKETSTORM",
"id": "158626"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
}
],
"trust": 1.0
},
"cve": "CVE-2020-3327",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3327",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005536",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-181452",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3327",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005536",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3327",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3327",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005536",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-695",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181452",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3327",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181452"
},
{
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
},
{
"db": "NVD",
"id": "CVE-2020-3327"
},
{
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Clam AntiVirus (ClamAV) The software contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. =========================================================================\nUbuntu Security Notice USN-4435-2\nJuly 27, 2020\n\nclamav vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-4435-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled parsing ARJ archives. (CVE-2020-3327)\n\n It was discovered that ClamAV incorrectly handled scanning malicious files. \n A local attacker could possibly use this issue to delete arbitrary files. \n (CVE-2020-3350)\n\n It was discovered that ClamAV incorrectly handled parsing EGG archives. (CVE-2020-3481)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n clamav 0.102.4+dfsg-0ubuntu0.14.04.1+esm1\n\nUbuntu 12.04 ESM:\n clamav 0.102.4+dfsg-0ubuntu0.12.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://usn.ubuntu.com/4435-2\n https://usn.ubuntu.com/4435-1\n CVE-2020-3327, CVE-2020-3350, CVE-2020-3481\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "VULHUB",
"id": "VHN-181452"
},
{
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "158624"
},
{
"db": "PACKETSTORM",
"id": "158626"
},
{
"db": "PACKETSTORM",
"id": "157799"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3327",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "157799",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "158626",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.1831",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1758",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4350",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0056",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4540",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2558",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2704",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157681",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158454",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48917",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "158624",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "157796",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-181452",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3327",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181452"
},
{
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "158624"
},
{
"db": "PACKETSTORM",
"id": "158626"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
},
{
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"id": "VAR-202005-0717",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181452"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:19:35.822000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ClamAV 0.102.3 security patch released",
"trust": 0.8,
"url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html"
},
{
"title": "Clam AntiVirus Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118727"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181452"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html"
},
{
"trust": 1.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3327"
},
{
"trust": 1.7,
"url": "https://security.gentoo.org/glsa/202007-23"
},
{
"trust": 1.7,
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4370-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4370-2/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4435-1/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4435-2/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3bmtc7i5lgy4fcizlhpnc4wwc6vnlfer/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l5ywyt27sbtv4rzsgfhiqui4lqvfasws/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/robjogjot44mvdx7rqeacyhqn4lyw5rk/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3327"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3bmtc7i5lgy4fcizlhpnc4wwc6vnlfer/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l5ywyt27sbtv4rzsgfhiqui4lqvfasws/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/robjogjot44mvdx7rqeacyhqn4lyw5rk/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157681/clam-antivirus-toolkit-0.102.3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4350/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157799/ubuntu-security-notice-usn-4370-2.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48917"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4412/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158454/clam-antivirus-toolkit-0.102.4.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4540/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-three-vulnerabilities-32863"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/158626/ubuntu-security-notice-usn-4435-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2558/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2704/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0056/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1758/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1831/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1775/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-denial-of-service-via-an-arj-archive-32251"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4370-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3341"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3481"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3350"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4435-1"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/181942"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.19.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4435-2"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4370-2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181452"
},
{
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "158624"
},
{
"db": "PACKETSTORM",
"id": "158626"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
},
{
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181452"
},
{
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "158624"
},
{
"db": "PACKETSTORM",
"id": "158626"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
},
{
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-181452"
},
{
"date": "2020-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"date": "2020-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"date": "2020-05-21T19:33:33",
"db": "PACKETSTORM",
"id": "157796"
},
{
"date": "2020-07-27T18:46:40",
"db": "PACKETSTORM",
"id": "158624"
},
{
"date": "2020-07-27T18:46:49",
"db": "PACKETSTORM",
"id": "158626"
},
{
"date": "2020-05-21T23:56:22",
"db": "PACKETSTORM",
"id": "157799"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-695"
},
{
"date": "2020-05-13T03:15:11.140000",
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-22T00:00:00",
"db": "VULHUB",
"id": "VHN-181452"
},
{
"date": "2020-08-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3327"
},
{
"date": "2020-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005536"
},
{
"date": "2021-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-695"
},
{
"date": "2024-11-21T05:30:48.643000",
"db": "NVD",
"id": "CVE-2020-3327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "158626"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Clam AntiVirus Input verification vulnerabilities in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005536"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-695"
}
],
"trust": 0.6
}
}
VAR-202005-0719
Vulnerability from variot - Updated: 2024-11-23 20:10A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Clam AntiVirus (ClamAV) The software contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-4370-2 May 21, 2020
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-4370-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM.
Original advisory details:
It was discovered that ClamAV incorrectly handled parsing ARJ archives. (CVE-2020-3327)
It was discovered that ClamAV incorrectly handled parsing PDF files. (CVE-2020-3341)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: clamav 0.102.3+dfsg-0ubuntu0.14.04.1+esm1
Ubuntu 12.04 ESM: clamav 0.102.3+dfsg-0ubuntu0.12.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4370-2 https://usn.ubuntu.com/4370-1 CVE-2020-3327, CVE-2020-3341
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202005-0719",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "30"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "clam antivirus",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "0.102.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "20.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "19.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "18.04"
},
{
"model": "clam antivirus",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "0.101"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "clamav",
"scope": "eq",
"trust": 0.8,
"vendor": "clamav",
"version": "0.101 \u304b\u3089 0.102.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:clamav:clamav",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
}
],
"trust": 0.8
},
"cve": "CVE-2020-3341",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3341",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005537",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-181466",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3341",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2020-005537",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3341",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3341",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-005537",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202005-690",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181466",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3341",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181466"
},
{
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
},
{
"db": "NVD",
"id": "CVE-2020-3341"
},
{
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Clam AntiVirus (ClamAV) The software contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-4370-2\nMay 21, 2020\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-4370-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled parsing ARJ archives. (CVE-2020-3327)\n\n It was discovered that ClamAV incorrectly handled parsing PDF files. (CVE-2020-3341)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n clamav 0.102.3+dfsg-0ubuntu0.14.04.1+esm1\n\nUbuntu 12.04 ESM:\n clamav 0.102.3+dfsg-0ubuntu0.12.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://usn.ubuntu.com/4370-2\n https://usn.ubuntu.com/4370-1\n CVE-2020-3327, CVE-2020-3341\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3341"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "VULHUB",
"id": "VHN-181466"
},
{
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "157799"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3341",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "157799",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "48880",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1831",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1775",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1758",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4350",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4540",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.4412",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0056",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "157681",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181466",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3341",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "157796",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181466"
},
{
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
},
{
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"id": "VAR-202005-0719",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181466"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:10:17.323000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ClamAV 0.102.3 security patch released",
"trust": 0.8,
"url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html"
},
{
"title": "Clam AntiVirus Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118725"
},
{
"title": "Ubuntu Security Notice: clamav vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4370-1"
},
{
"title": "Ubuntu Security Notice: clamav vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4370-2"
},
{
"title": "CVE-T4PDF\nTable of contents\nList of CVEs\nList of Techniques",
"trust": 0.1,
"url": "https://github.com/0xCyberY/CVE-T4PDF "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181466"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://usn.ubuntu.com/4370-1/"
},
{
"trust": 1.8,
"url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html"
},
{
"trust": 1.8,
"url": "https://usn.ubuntu.com/4370-2/"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3341"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l5ywyt27sbtv4rzsgfhiqui4lqvfasws/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/robjogjot44mvdx7rqeacyhqn4lyw5rk/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3bmtc7i5lgy4fcizlhpnc4wwc6vnlfer/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3341"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3bmtc7i5lgy4fcizlhpnc4wwc6vnlfer/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l5ywyt27sbtv4rzsgfhiqui4lqvfasws/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/robjogjot44mvdx7rqeacyhqn4lyw5rk/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157681/clam-antivirus-toolkit-0.102.3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4350/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/157799/ubuntu-security-notice-usn-4370-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0056/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4412/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1758/"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48880"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1831/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1775/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-denial-of-service-via-the-pdf-parser-32252"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.4540/"
},
{
"trust": 0.2,
"url": "https://usn.ubuntu.com/4370-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3327"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.19.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.16.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4370-2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181466"
},
{
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
},
{
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181466"
},
{
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
},
{
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-13T00:00:00",
"db": "VULHUB",
"id": "VHN-181466"
},
{
"date": "2020-05-13T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"date": "2020-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"date": "2020-05-21T19:33:33",
"db": "PACKETSTORM",
"id": "157796"
},
{
"date": "2020-05-21T23:56:22",
"db": "PACKETSTORM",
"id": "157799"
},
{
"date": "2020-05-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-690"
},
{
"date": "2020-05-13T03:15:11.200000",
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-181466"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3341"
},
{
"date": "2020-06-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-005537"
},
{
"date": "2021-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202005-690"
},
{
"date": "2024-11-21T05:30:50.270000",
"db": "NVD",
"id": "CVE-2020-3341"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "157796"
},
{
"db": "PACKETSTORM",
"id": "157799"
},
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
}
],
"trust": 0.8
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Clam AntiVirus Input verification vulnerabilities in software",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-005537"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202005-690"
}
],
"trust": 0.6
}
}