{"containers": {"cna": {"affected": [{"product": "ClamAV AntiVirus software versions 0.99.2 and prior", "vendor": "n/a", "versions": [{"status": "affected", "version": "ClamAV AntiVirus software versions 0.99.2 and prior"}]}], "datePublic": "2018-01-26T00:00:00", "descriptions": [{"lang": "en", "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."}], "problemTypes": [{"descriptions": [{"description": "use-after-free", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-15T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "USN-3550-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3550-1/"}, {"name": "USN-3550-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3550-2/"}, {"name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-12374", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ClamAV AntiVirus software versions 0.99.2 and prior", "version": {"version_data": [{"version_value": "ClamAV AntiVirus software versions 0.99.2 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "use-after-free"}]}]}, "references": {"reference_data": [{"name": "USN-3550-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3550-1/"}, {"name": "USN-3550-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3550-2/"}, {"name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"}, {"name": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource": "CONFIRM", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"}, {"name": "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "refsource": "CONFIRM", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:36:55.962Z"}, "title": "CVE Program Container", "references": [{"name": "USN-3550-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3550-1/"}, {"name": "USN-3550-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3550-2/"}, {"name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-12-02T19:11:39.633132Z", "id": "CVE-2017-12374", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T21:26:51.050Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-12374", "datePublished": "2018-01-26T20:00:00", "dateReserved": "2017-08-03T00:00:00", "dateUpdated": "2024-12-02T21:26:51.050Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://usn.ubuntu.com/3550-1/", "name": "USN-3550-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://usn.ubuntu.com/3550-2/", "name": "USN-3550-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:36:55.962Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2017-12374", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-02T19:11:39.633132Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T19:21:44.461Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "ClamAV AntiVirus software versions 0.99.2 and prior", "versions": [{"status": "affected", "version": "ClamAV AntiVirus software versions 0.99.2 and prior"}]}], "datePublic": "2018-01-26T00:00:00", "references": [{"url": "https://usn.ubuntu.com/3550-1/", "name": "USN-3550-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://usn.ubuntu.com/3550-2/", "name": "USN-3550-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "use-after-free"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2018-03-15T09:57:02"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "ClamAV AntiVirus software versions 0.99.2 and prior"}]}, "product_name": "ClamAV AntiVirus software versions 0.99.2 and prior"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://usn.ubuntu.com/3550-1/", "name": "USN-3550-1", "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/3550-2/", "name": "USN-3550-2", "refsource": "UBUNTU"}, {"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource": "MLIST"}, {"url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource": "CONFIRM"}, {"url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "name": "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "use-after-free"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-12374", "STATE": "PUBLIC", "ASSIGNER": "psirt@cisco.com"}}}}, "cveMetadata": {"cveId": "CVE-2017-12374", "state": "PUBLISHED", "dateUpdated": "2024-12-02T21:26:51.050Z", "dateReserved": "2017-08-03T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2018-01-26T20:00:00", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "6EBE6567-EA27-4686-9351-EA1097D52D5D", "versionEndIncluding": "0.99.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition."}, {"lang": "es", "value": "ClamAV AntiVirus, en versiones 0.99.2 y anteriores, contiene una vulnerabilidad que podr\u00eda permitir que un atacante remoto sin autenticar provoque una denegaci\u00f3n de servicio (DoS) en un sistema afectado. La vulnerabilidad se debe a la falta de mecanismos de comprobaci\u00f3n de validaci\u00f3n de entradas durante ciertas operaciones de an\u00e1lisis de email (operaciones mbox.c en mensajes devueltos). Si se explota con \u00e9xito, ClamAV podr\u00eda permitir que una variable que se\u00f1ale al cuerpo del email provoque una instancia de uso de memoria previamente liberada (use-after-free). Esto podr\u00eda conducir a una interrupci\u00f3n de servicios en el dispositivo afectado para incluir una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2017-12374", "lastModified": "2024-11-21T03:09:24.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-26T20:29:00.283", "references": [{"source": "ykramarz@cisco.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"}, {"source": "ykramarz@cisco.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"}, {"source": "ykramarz@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"}, {"source": "ykramarz@cisco.com", "url": "https://usn.ubuntu.com/3550-1/"}, {"source": "ykramarz@cisco.com", "url": "https://usn.ubuntu.com/3550-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3550-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3550-2/"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}