CISA-2017-12374
Reported by cisco · Published January 26, 2018
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | ClamAV AntiVirus software versions 0.99.2 and prior | ClamAV AntiVirus software versions 0.99.2 and prior |
| n/a | ClamAV AntiVirus software versions 0.99.2 and prior | ClamAV AntiVirus software versions 0.99.2 and prior, * |
Timeline
- Jan 26, 2018 CVE Published
- Dec 2, 2024 CVE Updated
References
- USN-3550-1 vendor-advisoryx_refsource_UBUNTU
- USN-3550-2 vendor-advisoryx_refsource_UBUNTU
- [debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update mailing-listx_refsource_MLIST
- x_refsource_CONFIRM
- x_refsource_CONFIRM