CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low (Percentile: 27.0%)

A vulnerability in the filesystem image parser for Hierarchical File System
Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to
cause a denial of service (DoS) condition on an affected device. This
vulnerability is due to an incorrect check for completion when a file is
decompressed, which may result in a loop condition that could cause the
affected software to stop responding. An attacker could exploit this
vulnerability by submitting a crafted HFS+ filesystem image to be scanned
by ClamAV on an affected device. A successful exploit could allow the
attacker to cause the ClamAV scanning process to stop responding, resulting
in a DoS condition on the affected software and consuming available system
resources. For a description of this vulnerability, see the ClamAV blog.

Author | Note |
---|---|
mdeslaur | per upstream: “This issue affects versions 1.1.0, 1.0.1 through 1.0.0, 0.105.2 through 0.105.0, 0.104.4 through 0.104.0, and 0.103.8 through 0.103.0.” |

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | clamav | < 0.103.9+dfsg-0ubuntu0.18.04.1+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | clamav | < 0.103.9+dfsg-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | clamav | < 0.103.9+dfsg-0ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 23.04 | noarch | clamav | < 0.103.9+dfsg-0ubuntu0.23.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | clamav | < 0.103.9+dfsg-0ubuntu0.14.04.1+esm1 | UNKNOWN |
ubuntu | 16.04 | noarch | clamav | < 0.103.9+dfsg-0ubuntu0.16.04.1+esm1 | UNKNOWN |