CVE-2017-12375
Key Information
- Vendor: Debian
- Status
- Clamav Antivirus Software Versions 0.99.2 And Prior
- Vendor
- CVE Published: 26 January 2018
Summary
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.
Affected Version(s)
ClamAV AntiVirus software versions 0.99.2 and prior
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published.
Vulnerability reserved.