Unrated severityNVD Advisory· Published Nov 5, 2019· Updated Nov 19, 2024

ClamAV Zip Bomb Vulnerability

CVE-2019-12625

Description

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

Affected products

Cisco Systems, Inc./Clamavv5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.htmlmitrevendor-advisoryx_refsource_SUSE
blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000