PT-2018-13007 · Cisco+3 · Clamav+3

Publicado

2018-10-08

Atualizado

2024-06-15

CVE-2018-15378

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.100.2

Description A denial of service (DoS) condition can be caused by an attacker due to an error related to the MEW unpacker within the unmew11() function, which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Recommendations For ClamAV versions prior to 0.100.2, update to version 0.100.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the unmew11() function in the libclamav/mew.c module until a patch is available.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2018-2498

CVE-2018-15378

DLA-1553-1

MGASA-2018-0406

OPENSUSE-SU-2018_3315-1

OPENSUSE-SU-2018_3505-1

OPENSUSE-SU-2024:10685-1

SUSE-SU-2018:3250-1

SUSE-SU-2018:3436-1

SUSE-SU-2018:3436-2

SUSE-SU-2018:3441-1

USN-3789-1

USN-3789-2

Produtos afetados

Alt Linux

Clamav

Suse

Ubuntu

PT-2018-13007 · Cisco+3 · Clamav+3

CVE-2018-15378

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 111