Vulnerability-Lookup

CVE-2019-12625 (GCVE-0-2019-12625)

Vulnerability from cvelistv5 – Published: 2019-11-05 18:15 – Updated: 2024-11-19 18:52

Title

ClamAV Zip Bomb Vulnerability

Summary

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

cisco

References

URL

Tags

	https://blog.clamav.net/2019/08/clamav-01014-secu…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Cisco	ClamAV	Affected: unspecified , < 0.101.3 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:24:39.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
          },
          {
            "name": "openSUSE-SU-2019:2595",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2019:2597",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-12625",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T17:22:32.861218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T18:52:35.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ClamAV",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "0.101.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-12-01T06:06:11.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
        },
        {
          "name": "openSUSE-SU-2019:2595",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
        },
        {
          "name": "openSUSE-SU-2019:2597",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
        }
      ],
      "source": {
        "advisory": "clamav-01014",
        "discovery": "USER"
      },
      "title": "ClamAV Zip Bomb Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2019-12625",
          "STATE": "PUBLIC",
          "TITLE": "ClamAV Zip Bomb Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ClamAV",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "0.101.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400 Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html",
              "refsource": "MISC",
              "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
            },
            {
              "name": "openSUSE-SU-2019:2595",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2019:2597",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
            }
          ]
        },
        "source": {
          "advisory": "clamav-01014",
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-12625",
    "datePublished": "2019-11-05T18:15:36.000Z",
    "dateReserved": "2019-06-04T00:00:00.000Z",
    "dateUpdated": "2024-11-19T18:52:35.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\", \"name\": \"openSUSE-SU-2019:2595\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\", \"name\": \"openSUSE-SU-2019:2597\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T23:24:39.183Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-12625\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-19T17:22:32.861218Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-19T17:23:02.698Z\"}}], \"cna\": {\"title\": \"ClamAV Zip Bomb Vulnerability\", \"source\": {\"advisory\": \"clamav-01014\", \"discovery\": \"USER\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"ClamAV\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"0.101.3\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\", \"name\": \"openSUSE-SU-2019:2595\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\", \"name\": \"openSUSE-SU-2019:2597\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2019-12-01T06:06:11.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, \"source\": {\"advisory\": \"clamav-01014\", \"discovery\": \"USER\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"0.101.3\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"ClamAV\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html\", \"name\": \"https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html\", \"refsource\": \"MISC\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\", \"name\": \"openSUSE-SU-2019:2595\", \"refsource\": \"SUSE\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html\", \"name\": \"openSUSE-SU-2019:2597\", \"refsource\": \"SUSE\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-400 Uncontrolled Resource Consumption\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-12625\", \"STATE\": \"PUBLIC\", \"TITLE\": \"ClamAV Zip Bomb Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-12625\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-19T18:52:35.512Z\", \"dateReserved\": \"2019-06-04T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2019-11-05T18:15:36.000Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2019-12625

Vulnerability from fstec - Published: 03.10.2019

Title

Уязвимость пакета антивирусных программ ClamAV, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость пакета антивирусных программ ClamAV связана с некорректной зачисткой или освобождением ресурсов. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании с помощью отправки специально созданных сообщений в уязвимую систему

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Vendor

Canonical Ltd., Сообщество свободного программного обеспечения, Novell Inc., Cisco Systems Inc.

Software Name

Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE OpenStack Cloud, Suse Linux Enterprise Server, OpenSUSE Leap, SUSE Linux Enterprise Module for Basesystem, SUSE Enterprise Storage, SUSE Linux Enterprise Point of Sale, HPE Helion Openstack, Clam Antivirus

Software Version

16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 7 (SUSE OpenStack Cloud), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 12 SP1 LTSS (Suse Linux Enterprise Server), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 5 (SUSE Enterprise Storage), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 12 SP2-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (Suse Linux Enterprise Server), 14.04 ESM (Ubuntu), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 8 (Debian GNU/Linux), Crowbar 8 (SUSE OpenStack Cloud), 10 (Debian GNU/Linux), 8 (HPE Helion Openstack), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 19.10 (Ubuntu), до 0.101.4 (Clam Antivirus)

Possible Mitigations

Использование рекомендаций: Для Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html?_ga=2.57688290.932806895.1569816680-1618695258.1547637860 https://usn.ubuntu.com/usn/usn-4146-1 https://usn.ubuntu.com/usn/usn-4146-2 Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html https://www.suse.com/security/cve/CVE-2019-12625/ Для ClamAV: https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html Для Debian: https://security-tracker.debian.org/tracker/CVE-2019-12625

Reference

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html?_ga=2.57688290.932806895.1569816680-1618695258.1547637860 https://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html https://usn.ubuntu.com/usn/usn-4146-1 https://usn.ubuntu.com/usn/usn-4146-2 https://www.suse.com/security/cve/CVE-2019-12625/ https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html https://security-tracker.debian.org/tracker/CVE-2019-12625

CWE

CWE-400, CWE-404

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 7 (SUSE OpenStack Cloud), 12 SP4 (Suse Linux Enterprise Server), 11 SP4 (Suse Linux Enterprise Server), 12 SP1 LTSS (Suse Linux Enterprise Server), 12.04 ESM (Ubuntu), 19.04 (Ubuntu), 15.0 (OpenSUSE Leap), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 5 (SUSE Enterprise Storage), 12 SP2-CLIENT (SUSE Linux Enterprise Point of Sale), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 11 SP3 (SUSE Linux Enterprise Point of Sale), 12 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP1-LTSS (SUSE Linux Enterprise Server for SAP Applications), 15.1 (OpenSUSE Leap), 12 SP2-LTSS (Suse Linux Enterprise Server), 11 SP4-LTSS (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (Suse Linux Enterprise Server), 14.04 ESM (Ubuntu), 8 (SUSE OpenStack Cloud), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP3-BCL (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-LTSS (SUSE Linux Enterprise Server for SAP Applications), 8 (Debian GNU/Linux), Crowbar 8 (SUSE OpenStack Cloud), 10 (Debian GNU/Linux), 8 (HPE Helion Openstack), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP3-ESPOS (SUSE Linux Enterprise Server for SAP Applications), 19.10 (Ubuntu), \u0434\u043e 0.101.4 (Clam Antivirus)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Ubuntu:\nhttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html?_ga=2.57688290.932806895.1569816680-1618695258.1547637860\nhttps://usn.ubuntu.com/usn/usn-4146-1\nhttps://usn.ubuntu.com/usn/usn-4146-2\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\nhttps://www.suse.com/security/cve/CVE-2019-12625/\n\n\u0414\u043b\u044f ClamAV:\nhttps://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2019-12625",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.10.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.04.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-01710",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-12625",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Debian GNU/Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, SUSE OpenStack Cloud, Suse Linux Enterprise Server, OpenSUSE Leap, SUSE Linux Enterprise Module for Basesystem, SUSE Enterprise Storage, SUSE Linux Enterprise Point of Sale, HPE Helion Openstack, Clam Antivirus",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS 32-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 12.04 ESM , Canonical Ltd. Ubuntu 19.04 , Novell Inc. OpenSUSE Leap 15.0 32-bit, Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 19.10 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c ClamAV, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0440\u0430\u0441\u0445\u043e\u0434 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u00ab\u0418\u0441\u0442\u043e\u0449\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u00bb) (CWE-400), \u041d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u0430 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (CWE-404)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u0430 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c ClamAV \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u0437\u0430\u0447\u0438\u0441\u0442\u043a\u043e\u0439 \u0438\u043b\u0438 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0439 \u0432 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0441\u0438\u0441\u0442\u0435\u043c\u0443",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12625.html?_ga=2.57688290.932806895.1569816680-1618695258.1547637860\nhttps://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html\nhttps://usn.ubuntu.com/usn/usn-4146-1\nhttps://usn.ubuntu.com/usn/usn-4146-2\nhttps://www.suse.com/security/cve/CVE-2019-12625/\nhttps://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html\nhttps://security-tracker.debian.org/tracker/CVE-2019-12625",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-400, CWE-404",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

CERTFR-2019-AVI-477

Vulnerability from certfr_avis - Published: 2019-10-01 - Updated: 2019-10-01

De multiples vulnérabilités ont été découvertes dans Zimbra. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Zimbra 8.8.12 “Isaac Newton” versions antérieures au Patch 6
N/A	N/A	Zimbra 8.7.11 versions antérieures au Patch 14
N/A	N/A	Zimbra 8.8.15 “James Prescott Joule” versions antérieures au Patch 2

References

Title

Publication Time

cleanstart-2026-wx01708

Vulnerability from cleanstart

Published

2026-02-06 01:10

Modified

2026-02-03 13:35

Summary

vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device

Details

Multiple security vulnerabilities affect the clamav package. A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. See references for individual vulnerability details.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "clamav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.2-r0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the clamav package. A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-WX01708",
  "modified": "2026-02-03T13:35:45Z",
  "published": "2026-02-06T01:10:02.024980Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-WX01708.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-11423"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12374"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12375"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12376"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12377"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12378"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12379"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-12380"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-16932"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2017-6419"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-0202"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-0360"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-0361"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-1000085"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-14680"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-14681"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-14682"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-12625"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-15961"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-1787"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-1788"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2019-1789"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-3123"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-3327"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-3341"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-3350"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-3481"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-1252"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-1404"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-1405"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-20698"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-48579"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-20052"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-20197"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-20290"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-20328"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11423"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12374"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12375"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12376"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12377"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12378"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12379"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12380"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16932"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6419"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0202"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0360"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0361"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000085"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14680"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14681"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14682"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12625"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15961"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1787"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1788"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1789"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3123"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3327"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3341"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3350"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3481"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1252"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1404"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1405"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20698"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48579"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20052"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20197"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20290"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20328"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device",
  "upstream": [
    "CVE-2017-11423",
    "CVE-2017-12374",
    "CVE-2017-12375",
    "CVE-2017-12376",
    "CVE-2017-12377",
    "CVE-2017-12378",
    "CVE-2017-12379",
    "CVE-2017-12380",
    "CVE-2017-16932",
    "CVE-2017-6419",
    "CVE-2018-0202",
    "CVE-2018-0360",
    "CVE-2018-0361",
    "CVE-2018-1000085",
    "CVE-2018-14680",
    "CVE-2018-14681",
    "CVE-2018-14682",
    "CVE-2019-12625",
    "CVE-2019-15961",
    "CVE-2019-1787",
    "CVE-2019-1788",
    "CVE-2019-1789",
    "CVE-2020-3123",
    "CVE-2020-3327",
    "CVE-2020-3341",
    "CVE-2020-3350",
    "CVE-2020-3481",
    "CVE-2021-1252",
    "CVE-2021-1404",
    "CVE-2021-1405",
    "CVE-2022-20698",
    "CVE-2022-48579",
    "CVE-2023-20052",
    "CVE-2023-20197",
    "CVE-2024-20290",
    "CVE-2024-20328"
  ]
}

CNVD-2019-29199

Vulnerability from cnvd - Published: 2019-08-28

Title

Clam AntiVirus路径遍历漏洞

Description

Clam AntiVirus是ClamAV团队的一款用于检测木马，病毒，恶意软件和其他恶意威胁的开源杀毒引擎。 Clam AntiVirus中存在安全漏洞。目前暂无详细的漏洞细节提供。

Severity

中

Patch Name

Clam AntiVirus路径遍历漏洞的补丁

Patch Description

Clam AntiVirus是ClamAV团队的一款用于检测木马，病毒，恶意软件和其他恶意威胁的开源杀毒引擎。 Clam AntiVirus中存在安全漏洞。目前暂无详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://blog.clamav.net/2019/03/

Reference

https://blog.clamav.net/2019/03/

Impacted products

Name
ClamAV Clam AntiVirus

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": [
      {
        "cveNumber": "CVE-2019-1785",
        "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785"
      },
      {
        "cveNumber": "CVE-2019-12625",
        "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12625"
      }
    ]
  },
  "description": "Clam AntiVirus\u662fClamAV\u56e2\u961f\u7684\u4e00\u6b3e\u7528\u4e8e\u68c0\u6d4b\u6728\u9a6c\uff0c\u75c5\u6bd2\uff0c\u6076\u610f\u8f6f\u4ef6\u548c\u5176\u4ed6\u6076\u610f\u5a01\u80c1\u7684\u5f00\u6e90\u6740\u6bd2\u5f15\u64ce\u3002\n\nClam AntiVirus\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6682\u65e0\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://blog.clamav.net/2019/03/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-29199",
  "openTime": "2019-08-28",
  "patchDescription": "Clam AntiVirus\u662fClamAV\u56e2\u961f\u7684\u4e00\u6b3e\u7528\u4e8e\u68c0\u6d4b\u6728\u9a6c\uff0c\u75c5\u6bd2\uff0c\u6076\u610f\u8f6f\u4ef6\u548c\u5176\u4ed6\u6076\u610f\u5a01\u80c1\u7684\u5f00\u6e90\u6740\u6bd2\u5f15\u64ce\u3002\r\n\r\nClam AntiVirus\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u76ee\u524d\u6682\u65e0\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Clam AntiVirus\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ClamAV Clam AntiVirus"
  },
  "referenceLink": "https://blog.clamav.net/2019/03/",
  "serverity": "\u4e2d",
  "submitTime": "2019-03-29",
  "title": "Clam AntiVirus\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CNVD-2019-41839

Vulnerability from cnvd - Published: 2019-11-22

Title

Clam AntiVirus拒绝服务漏洞

Description

ClamAV（Clam AntiVirus）是ClamAV团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV 0.101.3之前版本中存在拒绝服务漏洞，攻击者可利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Clam AntiVirus拒绝服务漏洞的补丁

Patch Description

ClamAV（Clam AntiVirus）是ClamAV团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV 0.101.3之前版本中存在拒绝服务漏洞，攻击者可利用该漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Clamav+(ClamAV%C2%AE)

Reference

https://packetstormsecurity.com/files/154185/Clam-AntiVirus-Toolkit-0.101.4.html

Impacted products

Name
ClamAV ClamAV <0.101.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12625"
    }
  },
  "description": "ClamAV\uff08Clam AntiVirus\uff09\u662fClamAV\u56e2\u961f\u7684\u4e00\u5957\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u7528\u4e8e\u68c0\u6d4b\u6728\u9a6c\u3001\u75c5\u6bd2\u3001\u6076\u610f\u8f6f\u4ef6\u548c\u5176\u4ed6\u6076\u610f\u5a01\u80c1\u3002\n\nClamAV 0.101.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html?utm_source=feedburner\u0026utm_medium=feed\u0026utm_campaign=Feed:+Clamav+(ClamAV%C2%AE)",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-41839",
  "openTime": "2019-11-22",
  "patchDescription": "ClamAV\uff08Clam AntiVirus\uff09\u662fClamAV\u56e2\u961f\u7684\u4e00\u5957\u514d\u8d39\u4e14\u5f00\u6e90\u7684\u6740\u6bd2\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u7528\u4e8e\u68c0\u6d4b\u6728\u9a6c\u3001\u75c5\u6bd2\u3001\u6076\u610f\u8f6f\u4ef6\u548c\u5176\u4ed6\u6076\u610f\u5a01\u80c1\u3002\r\n\r\nClamAV 0.101.3\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Clam AntiVirus\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ClamAV ClamAV \u003c0.101.3"
  },
  "referenceLink": "https://packetstormsecurity.com/files/154185/Clam-AntiVirus-Toolkit-0.101.4.html",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-21",
  "title": "Clam AntiVirus\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2019-12625

Vulnerability from fkie_nvd - Published: 2019-11-05 19:15 - Updated: 2024-11-21 04:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
psirt@cisco.com	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
psirt@cisco.com	https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html	Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	clamav	clamav	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94499663-814A-44DD-96D9-3B54212D8281",
              "versionEndExcluding": "0.101.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system."
    },
    {
      "lang": "es",
      "value": "Las versiones anteriores a la versi\u00f3n 0.101.3 de ClamAV son susceptibles a una vulnerabilidad de bomba zip donde un atacante no autenticado puede causar una condici\u00f3n de denegaci\u00f3n de servicio mediante el env\u00edo de mensajes especialmente dise\u00f1ados en un sistema afectado."
    }
  ],
  "id": "CVE-2019-12625",
  "lastModified": "2024-11-21T04:23:12.933",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-05T19:15:10.477",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-12625

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-12625

Aliases

CVE-2019-12625

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-12625",
    "description": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.",
    "id": "GSD-2019-12625",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-12625.html",
      "https://ubuntu.com/security/CVE-2019-12625",
      "https://advisories.mageia.org/CVE-2019-12625.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-12625"
      ],
      "details": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.",
      "id": "GSD-2019-12625",
      "modified": "2023-12-13T01:23:44.020807Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2019-12625",
        "STATE": "PUBLIC",
        "TITLE": "ClamAV Zip Bomb Vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ClamAV",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "0.101.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400 Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html",
            "refsource": "MISC",
            "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
          },
          {
            "name": "openSUSE-SU-2019:2595",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
          },
          {
            "name": "openSUSE-SU-2019:2597",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
          }
        ]
      },
      "source": {
        "advisory": "clamav-01014",
        "discovery": "USER"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.101.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2019-12625"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-404"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
            },
            {
              "name": "openSUSE-SU-2019:2595",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
            },
            {
              "name": "openSUSE-SU-2019:2597",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-12-01T01:15Z",
      "publishedDate": "2019-11-05T19:15Z"
    }
  }
}

GHSA-FJ79-GF26-7C3P

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:38

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-12625"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-05T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.",
  "id": "GHSA-fj79-gf26-7c3p",
  "modified": "2024-04-04T02:38:21Z",
  "published": "2022-05-24T17:00:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12625"
    },
    {
      "type": "WEB",
      "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-12625 (GCVE-0-2019-12625)

Solution

Vulnerability from cleanstart

Tags

Sightings

Nomenclature