CVE-2017-12378
5.5
MEDIUM
CVSS 3.1
EPSS 7.7%
Description
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.
How to fix CVE-2017-12378
To remediate CVE-2017-12378, upgrade the affected package to a fixed version below.
- —upgrade to 0.99.3-r0 or later
- —upgrade to 0.99.3~beta2+dfsg-1 or later
Is CVE-2017-12378 being exploited?
Moderate — EPSS is 7.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 0.99.3-r0
- from 0, < 0.99.3~beta2+dfsg-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |