Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
跨界内存读
Vulnerability Title
ClamAV AntiVirus 缓冲区错误漏洞
Vulnerability Description
Clam AntiVirus是Clamav团队的一款用于检测木马,病毒,恶意软件和其他恶意威胁的开源杀毒引擎。 Clam AntiVirus 0.104.0版本到0.104.2版本 0.103版本到0.103.5版本存在安全漏洞,该漏洞源于签名数据库加载模块中的边界错误。远程攻击者可以将特制数据传递给应用程序,触发基于堆的缓冲区溢出利用该漏洞在目标系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A