Home > Vulnerability Database > CVE-2019-1798

Mend.io Vulnerability Database

CVE-2019-1798

Good to know:

Date: April 8, 2019

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

Language: C++

Severity Score

5.5

Related Resources (5)

Url: https://security.gentoo.org/glsa/201904-12

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-1798

Url: https://security-tracker.debian.org/tracker/CVE-2019-1798

Url: https://bugzilla.clamav.net/show_bug.cgi?id=12262

Url: https://www.mend.io/vulnerability-database/CVE-2019-1798

Severity Score

5.5

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version clamav-0.101.2

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-1798

Good to know:

Date: April 8, 2019

Language: C++

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?