CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-1785

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.02

EPSS Ranking 82.7%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 6.8

References

https://bugzilla.clamav.net/show_bug.cgi?id=12284
https://security.gentoo.org/glsa/201904-12
https://bugzilla.clamav.net/show_bug.cgi?id=12284
https://security.gentoo.org/glsa/201904-12

Products affected by CVE-2019-1785

Clamav » Clamav » Version: 0.101.0

cpe:2.3:a:clamav:clamav:0.101.0
Clamav » Clamav » Version: 0.101.1

cpe:2.3:a:clamav:clamav:0.101.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-1785

Products

Pricing

Contact Us