Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2017-12374

Published: 26/01/2018 Updated: 16/03/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Debian Linux

Vulnerability Summary

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 7.0

clamav clamav

Vendor Advisories

Debian CVElist Bug Report Logs: clamav: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
Debian Bug report logs - #888484 clamav: Security release 0993 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) ...
Ubuntu Security Notice: clamav vulnerabilities
Several security issues were fixed in ClamAV ...
Ubuntu Security Notice: clamav vulnerabilities
Several security issues were fixed in ClamAV ...
Amazon Linux AMI: ALAS-2018-958
Heap-based buffer overflow in mspack/lzxdc:mspack/lzxdc in libmspack 05alpha, as used in ClamAV 0992, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file(CVE-2017-6419) The wwunpack function in libclamav/wwunpackc in ClamAV 0 ...
Arch Linux Issues:
ClamAV AntiVirus software versions 0992 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mboxc operations on bounce messages) ...

References

CWE-416https://bugzilla.clamav.net/show_bug.cgi?id=11939http://blog.clamav.net/2018/01/clamav-0993-has-been-released.htmlhttps://lists.debian.org/debian-lts-announce/2018/01/msg00035.htmlhttps://usn.ubuntu.com/3550-2/https://usn.ubuntu.com/3550-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484https://nvd.nist.govhttps://usn.ubuntu.com/3550-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2024-34490SQL injectionCVE-2024-34488CVE-2024-4507CVE-2023-7028CVE-2024-23187TCPCVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook