Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2017-12379

Published: 26/01/2018 Updated: 16/03/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Debian Linux

Vulnerability Summary

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the malicious user to potentially cause a DoS condition or execute arbitrary code on an affected device.

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 7.0

clamav clamav

Vendor Advisories

Debian CVElist Bug Report Logs: clamav: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
Debian Bug report logs - #888484 clamav: Security release 0993 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) ...
Ubuntu Security Notice: clamav vulnerabilities
Several security issues were fixed in ClamAV ...
Ubuntu Security Notice: clamav vulnerabilities
Several security issues were fixed in ClamAV ...
Amazon Linux AMI: ALAS-2018-958
Heap-based buffer overflow in mspack/lzxdc:mspack/lzxdc in libmspack 05alpha, as used in ClamAV 0992, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file(CVE-2017-6419) The wwunpack function in libclamav/wwunpackc in ClamAV 0 ...
Arch Linux Issues:
ClamAV AntiVirus software versions 0992 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an aff ...

References

CWE-119https://bugzilla.clamav.net/show_bug.cgi?id=11944http://blog.clamav.net/2018/01/clamav-0993-has-been-released.htmlhttps://lists.debian.org/debian-lts-announce/2018/01/msg00035.htmlhttps://usn.ubuntu.com/3550-2/https://usn.ubuntu.com/3550-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484https://nvd.nist.govhttps://usn.ubuntu.com/3550-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook