7.5

CVE-2026-20216

Medienbericht

ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability

A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.

This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSecure Endpoint SwPlatformmacos Version < 1.27.2
CiscoSecure Endpoint SwPlatformlinux Version < 1.29.0
CiscoSecure Endpoint SwPlatformwindows Version < 8.6.2
ClamavClamav Version < 1.4.5
ClamavClamav Version >= 1.5.0 < 1.5.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.309
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
06.07.2026 15:32
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR
Vendor Advisory