CVE-2012-1424

CWE-2643 documents3 sources

Severity

4.3MEDIUM

EPSS

4.1%

top 11.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Antiy AVL SDK CAT Quick Heal Jiangmin Jiangmin Antivirus +3 more

Timeline

PublishedMar 21

Latest updateMay 17

Description

The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implem…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages6 packages

▶NVDjiangmin/jiangmin_antivirus13.0.900

▶NVDpc_tools/pc_tools_antivirus7.0.3.5

▶NVDnorman/norman_antivirus_\&_antispyware6.06.12

▶NVDcat/quick_heal11.00

▶NVDsophos/sophos_anti-virus4.61.0

🔴Vulnerability Details

GHSA

GHSA-fpgp-wp2g-292c: The TAR file parser in Antiy Labs AVL SDK 2↗2022-05-17

▶

CVEList

CVE-2012-1424: The TAR file parser in Antiy Labs AVL SDK 2↗2012-03-21

▶