CVE-2017-12375 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-601	clamav	0.99.2-1	0.99.3-1	Critical	Fixed	FS#57233

Date	Advisory	Group	Package	Severity	Type
09 Feb 2018	ASA-201802-1	AVG-601	clamav	Critical	multiple issues

References
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html https://bugzilla.clamav.net/show_bug.cgi?id=11940 https://github.com/Cisco-Talos/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209

References

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
https://bugzilla.clamav.net/show_bug.cgi?id=11940
https://github.com/Cisco-Talos/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209