CVE-2017-12378

Published: 26/01/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the malicious user to cause a DoS condition on the affected device.

Vulnerable Product

debian debian linux 7.0

clamav clamav

Vendor Advisories

Debian Bug report logs - #888484 clamav: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav ...
Several security issues were fixed in ClamAV ...
Heap-based buffer overflow in mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file (CVE-2017-6419). The wwunpack function in libclamav/wwunpack.c in ClamAV 0 ...
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit c ...