CVE-2019-1785

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-1785
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-1785.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-1785
Related
Published
2019-04-08T19:29:05Z
Modified
2024-09-18T03:04:03.896254Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

References

Affected packages

Debian:11 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.101.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.101.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.101.2+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.101.2-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.101.2-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libclamunrar

Package

Name
libclamunrar
Purl
pkg:deb/debian/libclamunrar?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
0.101.2-1

Affected versions

0.*

0.95.1-1
0.95.2-1
0.95.3-1~volatile1
0.95.3-1
0.96-1
0.96-2~volatile1
0.96-2
0.96.4-1~volatile1
0.96.4-1
0.98.1-1
0.98.5-1
0.99-1
0.99-2
0.99-3
0.99-4
0.100.0-1
0.100.1-1
0.101.1-1
0.101.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/cisco-talos/clamav

Affected ranges

Type
GIT
Repo
https://github.com/cisco-talos/clamav
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected

Affected versions

clamav-0.*

clamav-0.101.0
clamav-0.101.1
clamav-0.96
clamav-0.96.2
clamav-0.96.3
clamav-0.96.4
clamav-0.96.5
clamav-0.96rc1
clamav-0.96rc2
clamav-0.97
clamav-0.97rc
clamav-0.98-dmgxar
clamav-0.99-beta1

Other

merge-llvm-79908
merge-llvm-80601
merge-llvm-83242
merge-llvm-90002
merge-llvm-91214
merge-llvm-91428
merge-llvm-92222
merge-llvm-94539
merge-llvm-97877
r5076