Description
An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.0.0 (inclusive) up to 3.1.1 (exclusive)
cpe:2.3:a:clamxav:clamxav:*:*:*:*:*:*:*:*
EPSS: 0.00027 (percentile: 7%, Low)
CVSS3: 7.8 High
CVSS2: 4.6 Medium
Weaknesses
CWE-345
Related vulnerabilities
github
more than 3 years ago