CVE-2019-1785

Summary

CVE	CVE-2019-1785
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-04-08 19:29:00 UTC
Updated	2023-03-01 18:35:00 UTC
Description	A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

Risk And Classification

Problem Types: CWE-22

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Clamav	Clamav	0.101.0	All	All	All
Application	Clamav	Clamav	0.101.1	All	All	All
Application	Clamav	Clamav	0.101.0	All	All	All
Application	Clamav	Clamav	0.101.1	All	All	All

References

Reference	Source	Link	Tags
ClamAV: Multiple vulnerabilities (GLSA 201904-12) — Gentoo security	GENTOO	security.gentoo.org
Bug 12284 – cli_gentemp_with_prefix traversal	MISC	bugzilla.clamav.net	Issue Tracking, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

710172 Gentoo Linux ClamAV Multiple vulnerabilities (GLSA 201904-12)
750483 OpenSUSE Security Update for clamav (openSUSE-SU-2020:2276-1)
750485 OpenSUSE Security Update for clamav (openSUSE-SU-2020:2268-1)