CVE-2017-12379 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Clamav
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources
Severity
9.8CRITICALNVD
OSV7.5
EPSS
15.7%
top 5.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 26
Latest updateMay 14
Description
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action coul…
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 7.0
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3 [epel-all]↗2018-01-29
Bugzilla▶
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3↗2018-01-29
Bugzilla▶
CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380 clamav: Multiple vulnerabilities fixed in 0.99.3 [fedora-all]↗2018-01-29