漏洞标题
N/A
漏洞描述信息
2023年2月15日,ClamAV扫描库中发现了一个漏洞:ClamAV 1.0.0及以上版本、0.105.1及以上版本以及0.103.7及以上版本的 HFS+分区文件解析器存在漏洞,可能导致无验证的远程攻击者执行任意代码。该漏洞是由于缺少缓冲区大小检查,可能导致堆缓冲区溢出写入。攻击者可以通过在受影响设备上提交一个精心构造的HFS+分区文件,让ClamAV对其进行扫描来利用此漏洞。成功的利用可以让攻击者以ClamAV扫描进程的权限执行任意代码,或者导致进程崩溃,从而触发拒绝服务(DoS)条件。有关此漏洞的详细信息,请参阅ClamAV博客([https://blog.clamav.net/)]。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.
This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.
For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
漏洞标题
ClamAV 缓冲区错误漏洞
漏洞描述信息
ClamAV(Clam AntiVirus)是ClamAV团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV存在缓冲区错误漏洞,该漏洞源于缺少缓冲区大小检查,可能导致堆缓冲区溢出写入,未经身份验证的远程攻击者利用该漏洞可以执行任意代码。
CVSS信息
N/A
漏洞类别
缓冲区错误