ClamAV versions 0.101.3 Improper Resource Shutdown or Release Vulnerability

Summary

ClamAV versions 0.101.3 suffers from improper resource shutdown or release vulnerability. 

Credit:

The information has been provided by Martin Simmons

The original article can be found at:https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html

 


Details

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

 

Vulnerable Systems:

ClamAV versions prior to 0.101.3

 

CVE Information:

CVE-2019-12625

Disclosure Timeline:
Published Date:11/5/2019