PT-2019-5068 · Cisco+3 · Clamav+3

David Fifield

·

Publicado

2019-08-12

·

Atualizado

2026-02-06

·

CVE-2019-12625

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.101.3
Description The issue is related to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. It is also associated with incorrect cleanup or release of resources, which can be exploited by an attacker to cause a denial of service by sending specially crafted messages to the vulnerable system.
Recommendations For ClamAV versions prior to 0.101.3, update to version 0.101.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation. Avoid processing untrusted zip files until the issue is resolved.

Correção

DoS

Resource Exhaustion

Improper Resource Release

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-404

Identificadores relacionados

ALT-PU-2019-2440
ALT-PU-2019-2444
ALT-PU-2019-2602
ALT-PU-2019-2613
BDU:2020-01710
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2019-12625
DLA-1953-1
DLA-1953-2
MGASA-2019-0328
OPENSUSE-SU-2019:2595-1
OPENSUSE-SU-2019:2597-1
OPENSUSE-SU-2019_2595-1
OPENSUSE-SU-2019_2597-1
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2019:14231-1
SUSE-SU-2019:3053-1
SUSE-SU-2019:3066-1
SUSE-SU-2019_14231-1
SUSE-SU-2019_3053-1
SUSE-SU-2019_3066-1
SUSE-SU-2020:3729-1
SUSE-SU-2020:3790-1
SUSE-SU-2020_3729-1
SUSE-SU-2020_3790-1
USN-4146-1
USN-4146-2

Produtos afetados

Alt Linux
Clamav
Suse
Ubuntu