CVE-2019-1798
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD
Description
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.
Affected (1)
Related CWEs
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
References (4)
Source: psirt@cisco.com
ExploitIssue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.