CVE-2019-1785 : A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

Published 2019-04-08 19:29:05

Updated 2023-03-01 18:35:49

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Directory traversalInput validationDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2019-1785

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-1785

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-1785

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: ykramarz@cisco.com (Secondary)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-1785

https://bugzilla.clamav.net/show_bug.cgi?id=12284

Bug 12284 – cli_gentemp_with_prefix traversal
Issue Tracking;Third Party Advisory
https://security.gentoo.org/glsa/201904-12

ClamAV: Multiple vulnerabilities (GLSA 201904-12) — Gentoo security
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2019-1785

Clamav » Clamav » Version: 0.101.0
cpe:2.3:a:clamav:clamav:0.101.0:*:*:*:*:*:*:*
Matching versions
Clamav » Clamav » Version: 0.101.1
cpe:2.3:a:clamav:clamav:0.101.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2019-1785

Exploit prediction scoring system (EPSS) score for CVE-2019-1785

CVSS scores for CVE-2019-1785

CWE ids for CVE-2019-1785

References for CVE-2019-1785

Products affected by CVE-2019-1785