Denial of service in clamav
Vulnerability details
A Denial-of-Service can occur when a specially crafted email file is analyzed by clamav.
Impacted products
Revisions
Version |
Date |
Description |
v1 |
|
Initial release |
Stormshield Network Security |
CVSS v2 Overall Score: 4.2 
|
Analysis
|
Impacted version
|
ClamAV can potentially consume huge amount of resources
|
|
Workaround solution
|
Solution
|
Use Kaspersky antivirus engine as an alternative, or turn ClamAV off.
|
The SNS 3.7.10, 3.10.1 and 4.0.1 updates will fix this vulnerability.
|
Access vector |
Access complexity |
Authentication |
Confidentiality impact |
Integrity impact |
Availability impact |
Network |
Low |
None |
None |
None |
Partial |
Exploitability |
Remediation Level |
Report Confidence |
Proof of concept code |
Workaround |
Confirmed |
Collateral Damage Potential |
Target Distribution |
None |
High [76-100%] |