QwikSec

Security Database

CVE

CWE

Training

CVE-2017-12378

Published: Jan 26, 2018

Modified: Dec 2, 2024

PUBLISHED

Description

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.

Vendor	Product	Versions
n/a	ClamAV AntiVirus software versions 0.99.2 and prior	affected `ClamAV AntiVirus software versions 0.99.2 and prior`

References

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.clamav.net/show_bug.cgi?id=11946

x_refsource_CONFIRM

[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update

mailing-list

x_refsource_MLIST

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.