Page 4 of 91 results (0.010 seconds)

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de correo electrónico de Clam AntiVirus (ClamAV) Software versiones 0.102.0, 0.101.4 y anteriores, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. • https://bugzilla.clamav.net/show_bug.cgi?id=12380 https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010 https://security.gentoo.org/glsa/202003-46 https://usn.ubuntu.com/4230-2 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. clamav versión 0.91.2, sufre de una excepción de coma flotante cuando usa ScanOLE2. • http://www.openwall.com/lists/oss-security/2012/03/29/2 https://access.redhat.com/security/cve/cve-2007-6745 https://security-tracker.debian.org/tracker/CVE-2007-6745 •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

There is a possible heap overflow in libclamav/fsg.c before 0.100.0. Existe un posible desbordamiento de la pila en el archivo libclamav/fsg.c versiones anteriores a la versión 0.100.0. • https://security-tracker.debian.org/tracker/CVE-2007-0899 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. Las versiones anteriores a la versión 0.101.3 de ClamAV son susceptibles a una vulnerabilidad de bomba zip donde un atacante no autenticado puede causar una condición de denegación de servicio mediante el envío de mensajes especialmente diseñados en un sistema afectado. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. Una vulnerabilidad en la funcionalidad de análisis de archivos RAR del software Clam AntiVirus (ClamAV) versiones 0.101.1 y 0.101.0 podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio en un dispositivo afectado. • https://bugzilla.clamav.net/show_bug.cgi?id=12284 https://security.gentoo.org/glsa/201904-12 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •