7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
27.0%
libclamav.so is vulnerable to Denial of Service (DoS) attacks. The vulnerability is caused by an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding, resulting in denial of service conditions.
bugzilla.suse.com/show_bug.cgi?id=1214342
github.com/advisories/GHSA-r7mw-p665-4533
lists.debian.org/debian-lts-announce/2023/08/msg00033.html
lists.fedoraproject.org/archives/list/[email protected]/message/IISWNZUBAQL4MNBRKLDYG3SHTEGP5KEO/
lists.fedoraproject.org/archives/list/[email protected]/message/J2XCIZFCCDDZ34XRMTQNAHAHMVQB66U5/
sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-rNwNEEee