CVE-2019-1789

Published: Nov 5, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

Affected (1)

Products: Clamav: Clamav

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Clamav Clamav	Before 0.101.2

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

Source: psirt@cisco.com

Vendor Advisory

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.