CVE-2019-12625

HIGH7.5EPSS 2.1%

clamav - security update

發布日:2019/11/5修改日:2025/11/19

也稱為:ALPINE-CVE-2019-12625DEBIAN-CVE-2019-12625

描述

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

受影響套件(3)

Alpine/clamavfrom 0, < 0.101.4-r0
Debian/clamavfrom 0, < 0.101.4+dfsg-1
Debian/clamavfrom 0, < 0.101.4+dfsg-0+deb8u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-12625
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-12625