CVE-2019-12625: Uncontrolled Resource Consumption in Cisco ClamAV

Severity: 7.5 HIGH (NVD)
EPSS: 2.1% (top 15.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 5
Latest update: May 24

Description

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5: cisco/clamav unspecified 0.101.3
NVD: clamav/clamav < 0.101.3
Debian: clamav/clamav < 0.101.4+dfsg-1 (+3)
Ubuntu: clamav/clamav < 0.101.4+dfsg-0ubuntu0.16.04.1 (+2)

🔴 Vulnerability Details (5)

GHSA: GHSA-fj79-gf26-7c3p: ClamAV versions prior to 0 (2022-05-24)
OSV: CVE-2019-12625: ClamAV versions prior to 0 (2019-11-05)
CVEList: ClamAV Zip Bomb Vulnerability (2019-11-05)
OSV: clamav vulnerabilities (2019-10-03)
OSV: clamav vulnerabilities (2019-10-02)

📋 Vendor Advisories (4)

Microsoft: ClamAV Zip Bomb Vulnerability (2019-11-12)
Ubuntu: ClamAV vulnerabilities (2019-10-03)
Ubuntu: ClamAV vulnerabilities (2019-10-02)
Debian: CVE-2019-12625: clamav - ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability whe... (2019)

💬 Community (3)

Bugzilla: [EL6] CVE-2019-12625 clamav: denial of service via crafted message [epel-all] (2019-11-08)
Bugzilla: CVE-2019-12625 clamav: denial of service via crafted message (2019-11-08)
Bugzilla: CVE-2019-12625 clamav: denial of service via crafted message [fedora-all] (2019-11-08)