#VU10318 Null pointer dereference in ClamAV - CVE-2017-12380


Vulnerability identifier: #VU10318

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12380

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ClamAV
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: ClamAV

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to input validation checking mechanisms during parsing the rfc2047 function in mbox.c during certain mail parsing functions. A remote attacker can send a specially crafted email, trigger a NULL pointer dereference condition and cause the service to crash.

Mitigation
Update to version 0.99.3.

Vulnerable software versions

ClamAV: 0.97.0 - 0.97.6, 0.98.0, 0.99.0 - 0.99.2

External links
https://blog.clamav.net/2018/01/clamav-0993-has-been-released.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Amazon Linux AMI update for clamav
Fedora EPEL 6 update for clamav
Arch Linux update for clamav
Ubuntu update for ClamAV
Arch Linux update for clamav
Null pointer dereference in clamav (Alpine package)
Ubuntu update for ClamAV
Multiple vulnerabilities in ClamAV AntiVirus
OpenSUSE Linux update for clamav
SUSE Linux update for clamav