Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-457
HistoryDec 08, 2014 - 1:12 p.m.

Low: clamav

2014-12-0813:12:00
alas.aws.amazon.com
10

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.131 Low

EPSS

Percentile

95.5%

JSON

Issue Overview:

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

Affected Packages:

clamav

Issue Correction:
Run yum update clamav to update your system.

New Packages:

i686:  
    clamav-server-0.98.5-1.10.amzn1.i686  
    clamav-milter-0.98.5-1.10.amzn1.i686  
    clamd-0.98.5-1.10.amzn1.i686  
    clamav-update-0.98.5-1.10.amzn1.i686  
    clamav-0.98.5-1.10.amzn1.i686  
    clamav-db-0.98.5-1.10.amzn1.i686  
    clamav-debuginfo-0.98.5-1.10.amzn1.i686  
    clamav-lib-0.98.5-1.10.amzn1.i686  
    clamav-devel-0.98.5-1.10.amzn1.i686  
  
noarch:  
    clamav-data-empty-0.98.5-1.10.amzn1.noarch  
    clamav-scanner-sysvinit-0.98.5-1.10.amzn1.noarch  
    clamav-data-0.98.5-1.10.amzn1.noarch  
    clamav-scanner-0.98.5-1.10.amzn1.noarch  
    clamav-filesystem-0.98.5-1.10.amzn1.noarch  
    clamav-server-sysvinit-0.98.5-1.10.amzn1.noarch  
    clamav-milter-sysvinit-0.98.5-1.10.amzn1.noarch  
  
src:  
    clamav-0.98.5-1.10.amzn1.src  
  
x86_64:  
    clamd-0.98.5-1.10.amzn1.x86_64  
    clamav-server-0.98.5-1.10.amzn1.x86_64  
    clamav-0.98.5-1.10.amzn1.x86_64  
    clamav-update-0.98.5-1.10.amzn1.x86_64  
    clamav-lib-0.98.5-1.10.amzn1.x86_64  
    clamav-devel-0.98.5-1.10.amzn1.x86_64  
    clamav-debuginfo-0.98.5-1.10.amzn1.x86_64  
    clamav-db-0.98.5-1.10.amzn1.x86_64  
    clamav-milter-0.98.5-1.10.amzn1.x86_64

Additional References

Red Hat: CVE-2013-6497

Mitre: CVE-2013-6497

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686clamav-server< 0.98.5-1.10.amzn1clamav-server-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamav-milter< 0.98.5-1.10.amzn1clamav-milter-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamd< 0.98.5-1.10.amzn1clamd-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamav-update< 0.98.5-1.10.amzn1clamav-update-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamav< 0.98.5-1.10.amzn1clamav-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamav-db< 0.98.5-1.10.amzn1clamav-db-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamav-debuginfo< 0.98.5-1.10.amzn1clamav-debuginfo-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamav-lib< 0.98.5-1.10.amzn1clamav-lib-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1i686clamav-devel< 0.98.5-1.10.amzn1clamav-devel-0.98.5-1.10.amzn1.i686.rpm
Amazon Linux1noarchclamav-data-empty< 0.98.5-1.10.amzn1clamav-data-empty-0.98.5-1.10.amzn1.noarch.rpm
Rows per page:
1-10 of 251

Related

nessus 13
ubuntucve 1
prion 1
debiancve 1
openvas 14
cve 1
fedora 3
archlinux 1
nvd 1
cvelist 1
osv 1
debian 1
ubuntu 2
securityvulns 2
suse 4
mageia 1
nessus
nessus
Fedora 20 : clamav-0.98.5-1.fc20 (2014-15473)
2014-11-24 00:00:00
Amazon Linux AMI : clamav (ALAS-2014-457)
2014-12-10 00:00:00
Mandriva Linux Security Advisory : clamav (MDVSA-2014:217)
2014-11-21 00:00:00
ubuntucve
ubuntucve
CVE-2013-6497
2013-12-31 00:00:00
prion
prion
Code injection
2014-12-01 15:59:00
debiancve
debiancve
CVE-2013-6497
2014-12-01 15:59:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-457)
2015-09-08 00:00:00
Fedora Update for clamav FEDORA-2014-15473
2014-11-23 00:00:00
Fedora Update for clamav FEDORA-2014-15434
2015-01-05 00:00:00
cve
cve
CVE-2013-6497
2014-12-01 15:59:00
fedora
fedora
[SECURITY] Fedora 20 Update: clamav-0.98.5-1.fc20
2014-11-22 12:39:19
[SECURITY] Fedora 21 Update: clamav-0.98.5-1.fc21
2014-12-06 10:32:13
[SECURITY] Fedora 19 Update: clamav-0.98.5-1.fc19
2014-11-27 08:37:32
archlinux
archlinux
clamav: denial of service
2014-11-20 00:00:00
nvd
nvd
CVE-2013-6497
2014-12-01 15:59:00
cvelist
cvelist
CVE-2013-6497
2014-12-01 15:00:00
osv
osv
clamav - security update
2014-12-02 00:00:00
debian
debian
[SECURITY] [DLA 95-1] clamav security update
2014-12-02 21:37:38
ubuntu
ubuntu
ClamAV vulnerability
2015-02-12 00:00:00
ClamAV vulnerabilities
2014-11-26 00:00:00
securityvulns
securityvulns
[USN-2423-1] ClamAV vulnerabilities
2014-11-30 00:00:00
ClamAV memory corruptions
2014-11-30 00:00:00
suse
suse
Security update for clamav (important)
2014-12-05 10:04:48
Security update for clamav (important)
2014-12-05 21:04:59
Security update for clamav (important)
2014-12-21 19:04:40
mageia
mageia
Updated clamav packages fix security vulnerabilities
2014-11-26 13:14:01

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.131 Low

EPSS

Percentile

95.5%

JSON
Related for ALAS-2014-457
nessus13ubuntucve1prion1debiancve1openvas14cve1fedora3archlinux1nvd1cvelist1osv1debian1ubuntu2securityvulns2suse4mageia1