Unrated severityNVD Advisory· Published Apr 8, 2019· Updated Nov 19, 2024

Clam AntiVirus RAR Directory Traversal Vulnerability

CVE-2019-1785

Description

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

Affected products

Cisco Systems, Inc./Clamavv5
Range: 0.101.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/201904-12mitrevendor-advisoryx_refsource_GENTOO
bugzilla.clamav.net/show_bug.cgimitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000