CVE-2019-1789

CWE-20Improper Input ValidationCWE-125Out-of-bounds Read12 documents7 sources
Severity
7.5HIGH
EPSS
0.6%
top 30.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco ClamavClamav Clamav
Timeline
PublishedNov 5
Latest updateMay 24

Description

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5cisco/clamavunspecified0.100.3
NVDclamav/clamav< 0.101.2
Debianclamav< 0.101.2+dfsg-1+3

🔴Vulnerability Details

4
GHSA
GHSA-ccg9-2v2c-6xww: ClamAV versions prior to 02022-05-24
OSV
CVE-2019-1789: ClamAV versions prior to 02019-11-05
CVEList
ClamAV Denial of Service Vulnerability2019-11-05
OSV
clamav vulnerabilities2019-04-08

📋Vendor Advisories

3
Ubuntu
ClamAV vulnerabilities2019-04-08
Ubuntu
ClamAV vulnerabilities2019-04-08
Debian
CVE-2019-1789: clamav - ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vu...2019

💬Community

4
Bugzilla
CVE-2019-10171 389-ds-base: Insufficient fix for CVE-2018-14648 denial of service in RHEL-7.52019-06-19
Bugzilla
CVE-2019-1789 clamav: out-of-bounds heap read when scanning PE files2019-04-04
Bugzilla
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]2019-04-04
Bugzilla
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all]2019-04-04
CVE-2019-1789 (HIGH CVSS 7.5) | ClamAV versions prior to 0.101.2 ar | cvebase.io