Out-of-Bounds Read Vulnerability in ClamAV by Cisco Systems
CVE-2017-6418

5.5MEDIUM

Key Information:

Vendor

Clamav

Status
Clamav
Vendor
CVE Published:
7 August 2017

What is CVE-2017-6418?

A vulnerability exists in ClamAV version 0.99.2 that allows remote attackers to cause a denial of service through an out-of-bounds read. This can occur via specially crafted email messages, which can exploit the way libclamav handles inputs, leading to abnormal behavior and potential crashes of the application.

References

https://github.com/varsleak/varsleak-vul/blob/master/clam...
x_refsource_MISC
https://bugzilla.clamav.net/show_bug.cgi?id=11797
x_refsource_MISC
http://www.securityfocus.com/bid/100154
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.