Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
Vulnerability Description
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
资源管理错误
Vulnerability Title
ClamAV 资源管理错误漏洞
Vulnerability Description
ClamAV(Clam AntiVirus)是Clamav团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV 0.104.0版本到0.104.2版本 0.103版本到0.103.5版本存在资源管理错误漏洞,该漏洞源于TIFF文件解析器中的无限循环。远程攻击者可以消耗所有可用的系统资源利用该漏洞实现拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A