CVE-2017-6418 — Out-of-bounds Read in Clamav

CWE-125 — Out-of-bounds Read10 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 40.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav

Timeline

PublishedAug 7

Latest updateMay 14

Description

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/clamav< clamav 0.99.3~beta1+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.99.3~beta1+dfsg-1+3

▶Ubuntuclamav/clamav< 0.99.2+addedllvm-0ubuntu0.14.04.2+1

▶NVDclamav/clamav0.99.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v49r-2h6g-2ghv: libclamav/message↗2022-05-14

▶

OSV

clamav vulnerabilities↗2017-08-17

▶

OSV

CVE-2017-6418: libclamav/message↗2017-08-07

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerabilities↗2017-08-17

▶

Ubuntu

ClamAV vulnerabilities↗2017-08-17

▶

Debian

CVE-2017-6418: clamav - libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial o...↗2017

▶

💬Community

Bugzilla

CVE-2017-6418 clamav: out-of-bounds read in libclamav/message.c↗2017-08-22

▶

Bugzilla

CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 clamav: various flaws [epel-all]↗2017-08-22

▶

Bugzilla

CVE-2017-6418 CVE-2017-6419 CVE-2017-6420 clamav: various flaws [fedora-all]↗2017-08-22

▶