CVE-2017-11423

Description

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.

Severity: Medium
Remote: Yes
Type: Denial of service

Affected packages

Group    Package    Affected     Fixed         Severity  Status
AVG-603  libmspack  0.5alpha-1   1:0.6alpha-1  Critical  Fixed
AVG-602  clamav     0.99.3-1     0.99.4-1      Critical  Fixed

Advisories

Date         Advisory       Group    Package    Severity  Type
18 Mar 2018  ASA-201803-14  AVG-602  clamav     Critical  multiple issues
20 Feb 2018  ASA-201802-9   AVG-603  libmspack  Critical  multiple issues

References

https://bugzilla.clamav.net/show_bug.cgi?id=11873
https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
https://github.com/Cisco-Talos/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
https://github.com/Cisco-Talos/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul

Notes

ClamAV uses the libmspack system library when available.