CVE-2017-12378: Input Validation
First published: Fri Jan 26 2018(Updated: )
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian Debian Linux | =7.0 | |
| Clamav Clamav | <=0.99.2 | |
| debian/clamav | 0.103.10+dfsg-0+deb11u1 1.0.5+dfsg-1~deb12u1 1.4.1+dfsg-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
- https://bugzilla.clamav.net/show_bug.cgi?id=11946
- https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html
- https://usn.ubuntu.com/3550-1/
- https://usn.ubuntu.com/3550-2/
- https://launchpad.net/bugs/cve/CVE-2017-12378
- https://github.com/vrtadmin/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4
- https://github.com/vrtadmin/clamav-devel/commit/0cf813f835e48ab0f94dd54200ceba0dc25fa1c4
- https://security-tracker.debian.org/tracker/CVE-2017-12378
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12378
- https://nvd.nist.gov/vuln/detail/CVE-2017-12378
- https://ubuntu.com/security/CVE-2017-12378
Frequently Asked Questions
What is the vulnerability ID for this ClamAV vulnerability?
The vulnerability ID for this ClamAV vulnerability is CVE-2017-12378.
What is the severity of CVE-2017-12378?
The severity of CVE-2017-12378 is high with a severity value of 5.5.
What is the affected software for CVE-2017-12378?
The affected software for CVE-2017-12378 is ClamAV AntiVirus software versions 0.99.2 and prior.
How can an unauthenticated, remote attacker exploit this vulnerability?
An unauthenticated, remote attacker can exploit this vulnerability by sending a specially crafted .tar file to an affected device.
Are there any remedies or patches available to fix this vulnerability?
Yes, there are several remedies available to fix this vulnerability, including upgrading to ClamAV version 0.103.6+dfsg-0+deb10u1 or higher, or version 0.99.3 or higher.
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/remedy
- agent/weakness
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/severity
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- vendor/clamav
- canonical/clamav clamav
- version/clamav clamav/0.99.2
- package-manager/debian