Page 3 of 131 results (0.026 seconds)

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de correo electrónico de Clam AntiVirus (ClamAV) Software versiones 0.102.0, 0.101.4 y anteriores, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. • https://bugzilla.clamav.net/show_bug.cgi?id=12380 https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010 https://security.gentoo.org/glsa/202003-46 https://usn.ubuntu.com/4230-2 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. clamav versión 0.91.2, sufre de una excepción de coma flotante cuando usa ScanOLE2. • http://www.openwall.com/lists/oss-security/2012/03/29/2 https://access.redhat.com/security/cve/cve-2007-6745 https://security-tracker.debian.org/tracker/CVE-2007-6745 •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

There is a possible heap overflow in libclamav/fsg.c before 0.100.0. Existe un posible desbordamiento de la pila en el archivo libclamav/fsg.c versiones anteriores a la versión 0.100.0. • https://security-tracker.debian.org/tracker/CVE-2007-0899 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. Las versiones anteriores a la versión 0.101.3 de ClamAV son susceptibles a una vulnerabilidad de bomba zip donde un atacante no autenticado puede causar una condición de denegación de servicio mediante el envío de mensajes especialmente diseñados en un sistema afectado. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. Una vulnerabilidad en la funcionalidad de escaneado de archivos ejecutables portátiles (PE) del software Clam AntiVirus (ClamAV) versiones 0.101.1 y anteriores, podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio en un dispositivo afectado. • https://bugzilla.clamav.net/show_bug.cgi?id=12262 https://security.gentoo.org/glsa/201904-12 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •