Denial Of Service (DoS)

2022-05-1516:52:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

31.6%

JSON

clamav is vulnerable to denial of service. An attacker can crash the application through the multi-byte heap buffer overflow write where an attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

CPENameOperatorVersion
clamav:sideq0.103.0+dfsg-3
clamav:3.13eq0.103.2-r0
clamav:3.13eq0.103.1-r0
clamav:3.12eq0.103.2-r0
clamav:3.12eq0.102.3-r0
clamav:3.12eq0.102.4-r1
clamav:focaleq0.102.4+dfsg-0ubuntu0.20.04.1
clamav:focaleq0.102.2+dfsg-2ubuntu1
clamav:bioniceq0.102.4+dfsg-0ubuntu0.18.04.1
clamav:bioniceq0.103.2+dfsg-0ubuntu0.18.04.2

Name	Operator	Version
clamav:sid	eq	0.103.0+dfsg-3
clamav:3.13	eq	0.103.2-r0
clamav:3.13	eq	0.103.1-r0
clamav:3.12	eq	0.103.2-r0
clamav:3.12	eq	0.102.3-r0
clamav:3.12	eq	0.102.4-r1
clamav:focal	eq	0.102.4+dfsg-0ubuntu0.20.04.1
clamav:focal	eq	0.102.2+dfsg-2ubuntu1
clamav:bionic	eq	0.102.4+dfsg-0ubuntu0.18.04.1
clamav:bionic	eq	0.103.2+dfsg-0ubuntu0.18.04.2