CVE-2012-1419

CWE-2649 documents6 sources

Severity

4.3MEDIUM

EPSS

0.8%

top 25.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

CAT Quick Heal Clamav Clamav

Timeline

PublishedMar 21

Latest updateMay 17

Description

The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDcat/quick_heal11.00

▶Debianclamav< 0.97.5+dfsg-1+3

▶NVDclamav/clamav0.96.4

🔴Vulnerability Details

GHSA

GHSA-f477-w5xf-pqg9: The TAR file parser in ClamAV 0↗2022-05-17

▶

CVEList

CVE-2012-1419: The TAR file parser in ClamAV 0↗2012-03-21

▶

OSV

CVE-2012-1419: The TAR file parser in ClamAV 0↗2012-03-21

▶

📋Vendor Advisories

Debian

CVE-2012-1419: clamav - The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 al...↗2012

▶

💬Community

Bugzilla

CVE-2012-1989 puppet: Insecure temporary file use for NET::Telnet connection log (/tmp/out.log)↗2012-07-03

▶

Bugzilla

CVE-2012-1419 clamav: specially-crafted POSIX tar files evade detection↗2012-03-22

▶

Bugzilla

CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [epel-all]↗2012-03-22

▶

Bugzilla

CVE-2012-1419 CVE-2012-1443 CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 clamav various flaws [fedora-all]↗2012-03-22

▶