PT-2019-15252 · Cisco+2 · Clamav+2

Publicado

2019-03-28

Atualizado

2024-06-15

CVE-2019-1785

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ClamAV versions 0.101.0 through 0.101.1

Description A denial of service condition can be caused by an unauthenticated, remote attacker on an affected device due to improper error-handling mechanisms when processing nested RAR files. An attacker could exploit this by sending a crafted RAR file, potentially allowing them to view or create arbitrary files on the targeted system.

Recommendations For ClamAV versions 0.101.0 and 0.101.1, consider disabling the RAR file scanning functionality as a temporary workaround until a patch is available. Restrict access to the affected device to minimize the risk of exploitation.

Correção

DoS

RCE

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-22

Identificadores relacionados

ALT-PU-2019-1538

CVE-2019-1785

OPENSUSE-SU-2020:2268-1

OPENSUSE-SU-2020:2276-1

OPENSUSE-SU-2020_2268-1

OPENSUSE-SU-2020_2276-1

OPENSUSE-SU-2024:10685-1

SUSE-SU-2020:3790-1

Produtos afetados

Alt Linux

Clamav

Suse

PT-2019-15252 · Cisco+2 · Clamav+2

CVE-2019-1785

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 113