CVE-2017-11423 log
Source |
|
Severity | Medium |
Remote | Yes |
Type | Denial of service |
Description | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-603 | libmspack | 0.5alpha-1 | 1:0.6alpha-1 | Critical | Fixed | |
AVG-602 | clamav | 0.99.3-1 | 0.99.4-1 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
18 Mar 2018 | ASA-201803-14 | AVG-602 | clamav | Critical | multiple issues |
20 Feb 2018 | ASA-201802-9 | AVG-603 | libmspack | Critical | multiple issues |
Notes |
---|
ClamAV uses the libmspack system library when available. |