CVE-2019-1785
published 2019-04-08CVE-2019-1785: A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote…
PriorityP343high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
1.80%
75.8th percentile
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | clamav | — | — |
| cisco | clamav | — | — |
| clamav | clamav | — | — |
| clamav | clamav | — | — |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| debian | clamav | < clamav 0.101.2+dfsg-1 (bookworm) | clamav 0.101.2+dfsg-1 (bookworm) |
| debian | libclamunrar | < clamav 0.101.2+dfsg-1 (bookworm) | clamav 0.101.2+dfsg-1 (bookworm) |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv7.8HIGH
vendor_debian7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qx8r-9782-gh9f: A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
ghsa_unreviewed·2022-05-14
CVE-2019-1785 [HIGH] CWE-22 GHSA-qx8r-9782-gh9f: A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
OSV
CVE-2019-1785: A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
osv·2019-04-08·CVSS 7.8
CVE-2019-1785 [HIGH] CVE-2019-1785: A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
Debian
CVE-2019-1785: clamav - A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV...
vendor_debian·2019·CVSS 7.8
CVE-2019-1785 [HIGH] CVE-2019-1785: clamav - A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV...
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.
Scope: local
bookworm: resolved (fixed in 0.101.2+dfsg-1)
bullseye: resolved (fixed in 0.101.2+dfsg-1)
forky: resolved (fixed in 0.101.2+dfsg-1)
sid: resolved (fixed in 0.101.2+dfsg-1)
trixie: resolved (fixed in 0.101.2+dfsg-1)
No detection rules found.
No public exploits indexed.
arXiv
HuntFUZZ: Enhancing Error Handling Testing through Clustering Based Fuzzing
arxiv_fulltext·2024-07-05
HuntFUZZ: Enhancing Error Handling Testing through Clustering Based Fuzzing
frontmatter
HuntFUZZ: Enhancing Error Handling Testing through Clustering Based Fuzzing
HuntFUZZ: Enhancing Error Handling Testing through Clustering Based Fuzzing
aug
[A,B]Jin Wei [label=e1][email protected]
[B,C]Ping Chen [label=e2][email protected] author. e2.
[D]Jun Dai [label=e3]
[D]Xiaoyan Sun [label=e4]
[A]Zhihao Zhang [label=e5]
[A]Chang Xu [label=e6]
[A]Yi Wang [label=e7]
[A]School of Computer Science, Fudan University, Shanghai, China [presep=\ e1
[B]Institute of BigData, Fudan University, Shanghai, China [presep=\ e2
[C]Purple Mountain Laboratories, Nanjing, China
[D]Worcester Polytechnic Institute, Massachusetts, USA
aug
## Abstract
Testing a program's capability to effectively handling errors is a significant challenge, given that program errors are rel
Bugzilla
CVE-2019-1785 clamav: path-traversal write results in improper input validation
bugzilla·2019-04-04·CVSS 7.8
CVE-2019-1785 [HIGH] CVE-2019-1785 clamav: path-traversal write results in improper input validation
CVE-2019-1785 clamav: path-traversal write results in improper input validation
A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives. Issue reported by aCaB.
Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
Discussion:
Created clamav tracking bugs for this issue:
Affects: fedora-all [bug 1696145]
---
Created clamav tracking bugs for this issue:
Affects: epel-all [bug 1696146]
---
As per https://lists.clamav.net/pipermail/clamav-announce/2019/000038.html the ClamAV 0.100.2 shipped in EPEL 6 is not affected.
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bu
Bugzilla
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]
bugzilla·2019-04-04·CVSS 7.8
CVE-2019-1785 [HIGH] CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issu
Bugzilla
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all]
bugzilla·2019-04-04·CVSS 7.8
CVE-2019-1785 [HIGH] CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all]
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
2019-04-08
Published