CVE-2019-1789

MEDIUM

Description

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

References

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

Details

Source: MITRE

Published: 2019-11-05

Updated: 2019-11-07

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
145338openSUSE Security Update : clamav (openSUSE-2020-2268)NessusSuSE Local Security Checks
high
145307openSUSE Security Update : clamav (openSUSE-2020-2276)NessusSuSE Local Security Checks
high
144237SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2020:3790-1)NessusSuSE Local Security Checks
high
125295Amazon Linux AMI : clamav (ALAS-2019-1213)NessusAmazon Linux Local Security Checks
medium
124217Debian DLA-1759-1 : clamav security updateNessusDebian Local Security Checks
medium
124103openSUSE Security Update : clamav (openSUSE-2019-1210)NessusSuSE Local Security Checks
medium
124101openSUSE Security Update : clamav (openSUSE-2019-1208)NessusSuSE Local Security Checks
medium
123984GLSA-201904-12 : ClamAV: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
123972SUSE SLES11 Security Update : clamav (SUSE-SU-2019:14015-1)NessusSuSE Local Security Checks
medium
123932Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : clamav vulnerabilities (USN-3940-1)NessusUbuntu Local Security Checks
medium
123923SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:0897-1)NessusSuSE Local Security Checks
medium
123809FreeBSD : clamav -- multiple vulnerabilities (84ce26c3-5769-11e9-abd6-001b217b3468)NessusFreeBSD Local Security Checks
medium
123749SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:0861-1)NessusSuSE Local Security Checks
medium