Описание
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.102.4+dfsg-0ubuntu0.18.04.1 |
| devel | not-affected | 0.102.4+dfsg-1 |
| eoan | ignored | end of life, was needed |
| esm-infra-legacy/trusty | released | 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 |
| esm-infra/bionic | released | 0.102.4+dfsg-0ubuntu0.18.04.1 |
| esm-infra/focal | released | 0.102.4+dfsg-0ubuntu0.20.04.1 |
| esm-infra/xenial | released | 0.102.4+dfsg-0ubuntu0.16.04.1 |
| focal | released | 0.102.4+dfsg-0ubuntu0.20.04.1 |
| precise/esm | not-affected | 0.102.4+dfsg-0ubuntu0.12.04.1 |
| trusty | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3