Vulnerabilities > CVE-2018-15378 - Out-of-bounds Read vulnerability in multiple products

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL

Summary

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Vulnerable Configurations

Part Description Count
Application
Clamav
162
OS
Debian
1
OS
Canonical
4

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-847FE2ED61.NASL
    descriptionClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2019-01-03
    plugin id120579
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120579
    titleFedora 29 : clamav (2018-847fe2ed61)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2018-847fe2ed61.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(120579);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-14679", "CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15378");
      script_xref(name:"FEDORA", value:"2018-847fe2ed61");
    
      script_name(english:"Fedora 29 : clamav (2018-847fe2ed61)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "ClamAV 0.100.2 has been released! This is a patch release to address
    several vulnerabilities.
    
    Fixes for the following ClamAV vulnerabilities: CVE-2018-15378:
    Vulnerability in ClamAV's MEW unpacking feature that could allow an
    unauthenticated, remote attacker to cause a denial-of-service (DoS)
    condition on an affected device. Reported by Secunia Research at
    Flexera. Fix for a two-byte buffer over-read bug in ClamAV's PDF
    parsing code. Reported by Alex Gaynor. Fixes for the following
    vulnerabilities in bundled third-party libraries: CVE-2018-14680: An
    issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It
    does not reject blank CHM filenames. CVE-2018-14681: An issue was
    discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before
    0.7alpha. Bad KWAJ file header extensions could cause a one- or
    two-byte overwrite. CVE-2018-14682: An issue was discovered in
    mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one
    error in the TOLOWER() macro for CHM decompression. Additionally,
    0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied
    libmspack's version of the fix in its place
    
    Other changes: Some users have reported freshclam signature
    update failures as a result of a delay between the time the
    new signature database content is announced and the time
    that the content-delivery-network has the content available
    for download. To mitigate these errors, this patch release
    includes some modifications to freshclam to make it more
    lenient, and to reduce the time that freshclam will ignore a
    mirror when it detects an issue. On-Access 'Extra Scanning,'
    an opt-in minor feature of OnAccess scanning on Linux
    systems, has been disabled due to a known issue with
    resource cleanup OnAccessExtraScanning will be re-enabled in
    a future release when the issue is resolved. In the
    mean-time, users who enabled the feature in clamd.conf will
    see a warning informing them that the feature is not active.
    For details, click here.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-847fe2ed61"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected clamav package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:29");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^29([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 29", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC29", reference:"clamav-0.100.2-2.fc29")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3441-1.NASL
    descriptionThis update for clamav fixes the following issues : Clamav was updated to version 0.100.2 : CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-01
    modified2020-06-02
    plugin id118455
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118455
    titleSUSE SLES11 Security Update : clamav (SUSE-SU-2018:3441-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:3441-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118455);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/10 13:51:49");
    
      script_cve_id("CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15378");
    
      script_name(english:"SUSE SLES11 Security Update : clamav (SUSE-SU-2018:3441-1)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for clamav fixes the following issues :
    
    Clamav was updated to version 0.100.2 :
    
    CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking feature that
    could allow an unauthenticated, remote attacker to cause a denial of
    service (DoS) condition on an affected device. (bsc#1110723)
    
    CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more fixes for
    embedded libmspack. (bsc#1103040)
    
    Make freshclam more robust against lagging signature mirrors.
    
    On-Access 'Extra Scanning', an opt-in minor feature of OnAccess
    scanning on Linux systems, has been disabled due to a known issue with
    resource cleanup OnAccessExtraScanning will be re-enabled in a future
    release when the issue is resolved. In the mean-time, users who
    enabled the feature in clamd.conf will see a warning informing them
    that the feature is not active. For details, see:
    https://bugzilla.clamav.net/show_bug.cgi?id=12048
    
    Restore exit code compatibility of freshclam with versions before
    0.100.0 when the virus database is already up to date (bsc#1104457).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.clamav.net/show_bug.cgi?id=12048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1104457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14680/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14681/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-14682/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-15378/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20183441-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?17789526"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-clamav-13841=1
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-clamav-13841=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-clamav-13841=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-clamav-13841=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-clamav-13841=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:clamav");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"clamav-0.100.2-0.20.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"clamav-0.100.2-0.20.18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-821.NASL
    descriptionThis update for clamav fixes the following issues : clamav was updated to version 0.100.2. Following security issues were fixed : - CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-01
    modified2020-06-02
    plugin id123346
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123346
    titleopenSUSE Security Update : clamav (openSUSE-2019-821)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-821.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123346);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/30");
    
      script_cve_id("CVE-2018-14680", "CVE-2018-14681", "CVE-2018-14682", "CVE-2018-15378");
    
      script_name(english:"openSUSE Security Update : clamav (openSUSE-2019-821)");
      script_summary(english:"Check for the openSUSE-2019-821 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for clamav fixes the following issues :
    
    clamav was updated to version 0.100.2.
    
    Following security issues were fixed :
    
      - CVE-2018-15378: Vulnerability in ClamAV's MEW unpacking
        feature that could allow an unauthenticated, remote
        attacker to cause a denial of service (DoS) condition on
        an affected device. (bsc#1110723)
    
      - CVE-2018-14680, CVE-2018-14681, CVE-2018-14682: more
        fixes for embedded libmspack. (bsc#1103040)
    
    Following non-security issues were addressed :
    
      - Make freshclam more robust against lagging signature
        mirrors.
    
      - On-Access 'Extra Scanning', an opt-in minor feature of
        OnAccess scanning on Linux systems, has been disabled
        due to a known issue with resource cleanup
        OnAccessExtraScanning will be re-enabled in a future
        release when the issue is resolved. In the mean-time,
        users who enabled the feature in clamd.conf will see a
        warning informing them that the feature is not active.
        For details, see:
        https://bugzilla.clamav.net/show_bug.cgi?id=12048
    
      - Restore exit code compatibility of freshclam with
        versions before 0.100.0 when the virus database is
        already up to date (bsc#1104457)
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.clamav.net/show_bug.cgi?id=12048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1103040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104457"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1110723"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected clamav packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:clamav");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:clamav-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:clamav-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:clamav-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libclamav7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libclamav7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libclammspack0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libclammspack0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"clamav-0.100.2-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"clamav-debuginfo-0.100.2-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"clamav-debugsource-0.100.2-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"clamav-devel-0.100.2-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libclamav7-0.100.2-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libclamav7-debuginfo-0.100.2-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libclammspack0-0.100.2-lp150.2.6.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libclammspack0-debuginfo-0.100.2-lp150.2.6.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "clamav / clamav-debuginfo / clamav-debugsource / clamav-devel / etc");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1146.NASL
    descriptionAn issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.(CVE-2018-14681) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.(CVE-2018-14682) An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.(CVE-2018-14680) A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the
    last seen2020-03-17
    modified2019-01-14
    plugin id121131
    published2019-01-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121131
    titleAmazon Linux AMI : clamav (ALAS-2019-1146)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3789-1.NASL
    descriptionIt was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118082
    published2018-10-12
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118082
    titleUbuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : clamav vulnerability (USN-3789-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1310.NASL
    descriptionThis update for clamav fixes the following issues : clamav was updated to version 0.100.2 : - CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2018-10-29
    plugin id118483
    published2018-10-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118483
    titleopenSUSE Security Update : clamav (openSUSE-2018-1310)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-EFF94DA132.NASL
    descriptionClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2019-01-03
    plugin id120891
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120891
    titleFedora 28 : clamav (2018-eff94da132)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-1FC39F2D13.NASL
    descriptionClamAV 0.100.2 has been released! This is a patch release to address several vulnerabilities. Fixes for the following ClamAV vulnerabilities: CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2018-10-17
    plugin id118159
    published2018-10-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118159
    titleFedora 27 : clamav (2018-1fc39f2d13)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-1227.NASL
    descriptionThis update for clamav fixes the following issues : clamav was updated to version 0.100.2. Following security issues were fixed : - CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-05
    modified2018-10-24
    plugin id118342
    published2018-10-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118342
    titleopenSUSE Security Update : clamav (openSUSE-2018-1227)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1553.NASL
    descriptionClamAV is an anti-virus utility for Unix, whose upstream developers have released the version 0.100.2. Installing this new version is required to make use of all current virus signatures and to avoid warnings. This version also fixes a security issue discovered after version 0.100.1 : CVE-2018-15378 : A vulnerability in ClamAV
    last seen2020-06-01
    modified2020-06-02
    plugin id118364
    published2018-10-25
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118364
    titleDebian DLA-1553-1 : clamav security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3436-1.NASL
    descriptionThis update for clamav fixes the following issues : clamav was updated to version 0.100.2 : CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-06-01
    modified2020-06-02
    plugin id118454
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118454
    titleSUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:3436-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-3250-1.NASL
    descriptionThis update for clamav fixes the following issues : clamav was updated to version 0.100.2. Following security issues were fixed : CVE-2018-15378: Vulnerability in ClamAV
    last seen2020-03-18
    modified2019-01-02
    plugin id120135
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120135
    titleSUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2018:3250-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201904-12.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201904-12 (ClamAV: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id123984
    published2019-04-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123984
    titleGLSA-201904-12 : ClamAV: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_8B812395C73911E8AB5B9C5C8E75236A.NASL
    descriptionJoel Esler reports : - CVE-2018-15378 : - Vulnerability in ClamAV
    last seen2020-06-01
    modified2020-06-02
    plugin id117911
    published2018-10-04
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/117911
    titleFreeBSD : clamav -- multiple vulnerabilities (8b812395-c739-11e8-ab5b-9c5c8e75236a)