7.8

CVE-2017-12380

Exploit

EPSS 10.53%
Veröffentlicht 26.01.2018 20:29:00
Zuletzt bearbeitet 21.11.2024 03:09:25
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version7.0

Clamav ≫ Clamav Version <= 0.99.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	10.53%	0.93

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Vendor Advisory

Release Notes

https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/3550-1/

https://usn.ubuntu.com/3550-2/

https://bugzilla.clamav.net/show_bug.cgi?id=11945

Vendor Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-12380

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-12380

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-12380

EUVD