CVE-2016-1371Improper Access Control in Clamav

CWE-284Improper Access ControlCWE-200Sensitive Information ExposureCWE-522Insufficiently Protected Credentials7 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.5%
top 33.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ClamavDebian ClamavCanonical Ubuntu Linux
Timeline
PublishedOct 3
Latest updateOct 2

Description

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/clamav< clamav 0.99.2+dfsg-1 (bookworm)
Debianclamav/clamav< 0.99.2+dfsg-1+3
NVDclamav/clamav0.99.1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

🔴Vulnerability Details

3
GHSA
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission2024-10-02
GHSA
GHSA-x2x5-2j3g-8q37: ClamAV (aka Clam AntiVirus) before 02022-05-17
OSV
CVE-2016-1371: ClamAV (aka Clam AntiVirus) before 02016-10-03

📋Vendor Advisories

2
Ubuntu
ClamAV vulnerabilities2016-09-28
Debian
CVE-2016-1371: clamav - ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a den...2016

💬Community

1
Bugzilla
CVE-2016-1371 clamav: Crash when processing a crafted mew packer executable2016-06-14