CVE-2019-1798
published 2019-04-08CVE-2019-1798: A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an…
PriorityP422medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
EPSS
1.10%
61.7th percentile
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | clamav | unspecified – 0.101.1 | — |
| clamav | clamav | <= 0.101.1 | — |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| clamav | clamav | >= 0 < 0.101.2+dfsg-1 | 0.101.2+dfsg-1 |
| debian | clamav | < clamav 0.101.2+dfsg-1 (bookworm) | clamav 0.101.2+dfsg-1 (bookworm) |
| debian | libclamunrar | < clamav 0.101.2+dfsg-1 (bookworm) | clamav 0.101.2+dfsg-1 (bookworm) |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv5.5MEDIUM
vendor_debian5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jpf2-6cx5-3qxh: A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
ghsa_unreviewed·2022-05-14
CVE-2019-1798 [MEDIUM] CWE-125 GHSA-jpf2-6cx5-3qxh: A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
OSV
CVE-2019-1798: A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
osv·2019-04-08·CVSS 5.5
CVE-2019-1798 [MEDIUM] CVE-2019-1798: A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
Debian
CVE-2019-1798: clamav - A vulnerability in the Portable Executable (PE) file scanning functionality of C...
vendor_debian·2019·CVSS 5.5
CVE-2019-1798 [MEDIUM] CVE-2019-1798: clamav - A vulnerability in the Portable Executable (PE) file scanning functionality of C...
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
Scope: local
bookworm: resolved (fixed in 0.101.2+dfsg-1)
bullseye: resolved (fixed in 0.101.2+dfsg-1)
forky: resolved (
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
bugzilla·2019-04-29·CVSS 7.5
CVE-2019-17007 [HIGH] CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
Main entrypoint for decoding DER blobs in NSS, CERT_DecodeCertPackage() mishandles old Netscape Certificate Sequences, with possible crash as NULL pointer is dereferenced, leading to DoS.
External References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
Discussion:
Created nss tracking bugs for this issue:
Affects: fedora-all [bug 1703987]
---
Upstream commit: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
---
This vulnerability is out of security support scope for the following product:
* Red Hat Enterprise Application Platform 6
Please refer to https://access.redhat.com/support/policy/updates/jb
Bugzilla
CVE-2019-1798 clamav: use-after-free results in improper error validation
bugzilla·2019-04-04·CVSS 5.5
CVE-2019-1798 [MEDIUM] CVE-2019-1798 clamav: use-after-free results in improper error validation
CVE-2019-1798 clamav: use-after-free results in improper error validation
A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives.
Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
Discussion:
Created clamav tracking bugs for this issue:
Affects: fedora-all [bug 1696145]
---
Created clamav tracking bugs for this issue:
Affects: epel-all [bug 1696146]
---
As per https://lists.clamav.net/pipermail/clamav-announce/2019/000038.html the ClamAV 0.100.2 shipped in EPEL 6 is not affected.
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individu
Bugzilla
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]
bugzilla·2019-04-04·CVSS 7.8
CVE-2019-1785 [HIGH] CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issu
Bugzilla
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all]
bugzilla·2019-04-04·CVSS 7.8
CVE-2019-1785 [HIGH] CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all]
CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this
2019-04-08
Published