ClamAV < 0.97.2 'cli_hm_scan' Denial of Service

Medium

Synopsis

The remote host is running an anti-virus application that is vulnerable to a denial of service attack.

Description

Versions of ClamAV earlier than 0.97.2 are potentially affected by a denial of service vulnerability. An off-by-one error in the 'cli_hm_scan' function in the file 'libclamav/matcher-hash.c' can be triggered by a specially crafted message, causing the clamd daemon to crash.

Solution

Upgrade to ClamAV 0.97.2 or later.