Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat
Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer
overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable,
which allows the attacker to write out of bounds when setting Mem[DestPos]. (CVE-2012-6706)
- mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial
of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact
via a crafted CHM file. (CVE-2017-6419)
- The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other
products, allows remote attackers to cause a denial of service (stack-based buffer over-read and
application crash) via a crafted CAB file. (CVE-2017-11423)
- clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote
attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to
improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to
an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a
crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans
the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and
pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400. (CVE-2018-0202)
- ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser,
function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains..
This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability
appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6. (CVE-2018-1000085)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 6/22/2017