7.5
CVE-2026-20216
- EPSS 0.39%
- Veröffentlicht 01.07.2026 16:27:51
- Zuletzt bearbeitet 09.07.2026 18:09:19
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Secure Endpoint SwPlatformmacos Version < 1.27.2
Cisco ≫ Secure Endpoint SwPlatformlinux Version < 1.29.0
Cisco ≫ Secure Endpoint SwPlatformwindows Version < 8.6.2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.39% | 0.309 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR