CVE-2017-12379

high-risk
Published 2018-01-26

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.

Do I need to act?

!
15.7% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Debian Clamav

References (10)

Release Notes http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
Exploit https://bugzilla.clamav.net/show_bug.cgi?id=11944
Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html
https://usn.ubuntu.com/3550-1/
https://usn.ubuntu.com/3550-2/
Release Notes http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
Exploit https://bugzilla.clamav.net/show_bug.cgi?id=11944
Mailing List https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html
https://usn.ubuntu.com/3550-1/
https://usn.ubuntu.com/3550-2/
52
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 13/34 · Low
Exposure 7/34 · Low