OSV-2024-1274

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/clamav/OSV-2024-1274.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2024-1274

Published

2024-11-05T00:04:03.220856Z

Modified

2025-06-03T14:42:15.782999Z

Summary

Segv on unknown address in yara_yyparse

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376515523

Crash type: Segv on unknown address
Crash state:
yara_yyparse
yr_lex_parse_rules_file
cli_loadyara

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376515523

Affected packages

OSS-Fuzz / clamav

Package

Name: clamav
Purl: pkg:generic/clamav

Affected ranges

Type: GIT
Repo: https://github.com/Cisco-Talos/clamav.git
Events: Introduced

428cd7951827535fdc50425f963eb2878fc39cc1

Introduced

e5f001c9ca4175beecd445004a8e01bbdd29579c

Fixed

e86919789fa7550445bdac9dc5357168cfba4754

Affected versions

clamav-0.*

clamav-0.104.3

clamav-0.104.4

clamav-0.105.0

clamav-0.105.0-rc

clamav-0.105.0-rc2

clamav-0.105.1

clamav-0.105.2

clamav-1.*

clamav-1.0.0

clamav-1.0.0-rc

clamav-1.0.0-rc2

clamav-1.0.1

clamav-1.0.2

clamav-1.0.3

clamav-1.0.4

clamav-1.0.5

clamav-1.0.6

clamav-1.0.7

clamav-1.0.8

clamav-1.1.0

clamav-1.1.0-rc

clamav-1.1.1

clamav-1.1.2

clamav-1.1.3

clamav-1.2.0

clamav-1.2.0-rc

clamav-1.2.1

clamav-1.2.2

clamav-1.2.3

clamav-1.3.0

clamav-1.3.0-rc

clamav-1.3.0-rc2

clamav-1.3.1

clamav-1.3.2

clamav-1.4.0

clamav-1.4.0-rc

clamav-1.4.1

clamav-1.4.2

clamav-1.5.0-beta

Ecosystem specific

{
    "severity": null
}

Database specific

fixed_range

"640413d9c5c116a9cbf07bc864162aa0745d38af:e86919789fa7550445bdac9dc5357168cfba4754"

introduced_range

"d9a584b39fb694adc5740b666cba0242b55f774a:0037f5825b0b17a789c7eb29c9cb9a2d39c452bc"

source

"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/clamav/OSV-2024-1274.yaml"