CVE-2019-1798

Clam AntiVirus PE File Out-of-Bounds Read Vulnerability

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Una vulnerabilidad en la funcionalidad de escaneado de archivos ejecutables portátiles (PE) del software Clam AntiVirus (ClamAV) versiones 0.101.1 y anteriores, podría permitir que un atacante remoto no autenticado cause una condición de denegación de servicio en un dispositivo afectado. La vulnerabilidad es debido a la falta de mecanismos de comprobación de entrada y validación apropiados para los archivos PE enviados al dispositivo afectado. Un atacante podría explotar esta vulnerabilidad enviando archivos PE malformados al dispositivo que ejecuta una versión afectada del software ClamAV. Una vulnerabilidad podría permitirle al atacante causar una condición de lectura fuera de límites, resultando en un bloqueo que podría generar una condición de denegación de servicio en un dispositivo afectado

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2018-12-06 CVE Reserved
2019-03-27 CVE Published
2023-03-07 EPSS Updated
2024-11-19 CVE Updated
2024-11-19 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-125: Out-of-bounds Read

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://bugzilla.clamav.net/show_bug.cgi?id=12262	2024-11-19

URL	Date	SRC

URL	Date	SRC
https://security.gentoo.org/glsa/201904-12	2023-03-24

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Clamav Search vendor "Clamav"		Clamav Search vendor "Clamav" for product "Clamav"				<= 0.101.1 Search vendor "Clamav" for product "Clamav" and version " <= 0.101.1"		-		Affected