Lucene search

K
cve[email protected]CVE-2012-1419
HistoryMar 21, 2012 - 10:11 a.m.

CVE-2012-1419

2012-03-2110:11:47
CWE-264
web.nvd.nist.gov
27
cve-2012-1419
clamav
quick heal
tar file parser
remote attackers
malware detection
security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.926 High

EPSS

Percentile

99.0%

The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Affected configurations

NVD
Node
catquick_healMatch11.00
OR
clamavclamavMatch0.96.4

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.3 Medium

AI Score

Confidence

Low

0.926 High

EPSS

Percentile

99.0%