ID CVE-2017-11423
Summary The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
References
Vulnerable Configurations
  • cpe:2.3:a:libmspack_project:libmspack:0.5:alpha
    cpe:2.3:a:libmspack_project:libmspack:0.5:alpha
  • ClamAV 0.99.2
    cpe:2.3:a:clamav:clamav:0.99.2
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0167_LIBMSPACK.NASL
    description An update of the libmspack package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121862
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121862
    title Photon OS 1.0: Libmspack PHSA-2018-1.0-0167
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0075_LIBMSPACK.NASL
    description An update of the libmspack package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121969
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121969
    title Photon OS 2.0: Libmspack PHSA-2018-2.0-0075
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0167.NASL
    description An update of 'vim', 'ntp', 'openjdk', 'libmspack', 'blktrace', 'systemd', 'perl' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111946
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111946
    title Photon OS 1.0: Blktrace / Libmspack / Ntp / Openjdk / Perl / Systemd / Vim PHSA-2018-1.0-0167 (deprecated)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0075.NASL
    description An update of 'libmspack', 'strongswan' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111959
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111959
    title Photon OS 2.0: Libmspack / Strongswan PHSA-2018-2.0-0075 (deprecated)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-1AF202A86B.NASL
    description Security fix for CVE-2017-6419 and CVE-2017-11423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-01
    plugin id 105828
    published 2018-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105828
    title Fedora 27 : libmspack (2017-1af202a86b)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0254-1.NASL
    description This update for clamav fixes the following issues : - Update to security release 0.99.3 (bsc#1077732) - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) - CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) - CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. - CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. - CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. - CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. - CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106455
    published 2018-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106455
    title SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0254-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0255-1.NASL
    description This update for clamav fixes the following issues : - Update to security release 0.99.3 (bsc#1077732) - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) - CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) - CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. - CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. - CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. - CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. - CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring - provide and obsolete clamav-nodb to trigger it's removal in Leap bsc#1040662 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106456
    published 2018-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106456
    title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0255-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-B97F9D82DC.NASL
    description Security fix for CVE-2017-6419 and CVE-2017-11423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 103904
    published 2017-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103904
    title Fedora 25 : libmspack (2017-b97f9d82dc)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0809-1.NASL
    description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108652
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108652
    title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D2B08AA37F.NASL
    description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-14
    plugin id 108311
    published 2018-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108311
    title Fedora 26 : clamav (2018-d2b08aa37f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-982BFABC4E.NASL
    description Security fix for CVE-2017-6419 and CVE-2017-11423 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-02
    plugin id 103437
    published 2017-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103437
    title Fedora 26 : libmspack (2017-982bfabc4e)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-314.NASL
    description This update for clamav fixes the following issues : Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-03-27
    plugin id 108637
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108637
    title openSUSE Security Update : clamav (openSUSE-2018-314)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-102.NASL
    description This update for clamav fixes the following issues : - Update to security release 0.99.3 (bsc#1077732) - CVE-2017-12376 (ClamAV Buffer Overflow in handle_pdfname Vulnerability) - CVE-2017-12377 (ClamAV Mew Packet Heap Overflow Vulnerability) - CVE-2017-12379 (ClamAV Buffer Overflow in messageAddArgument Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. - CVE-2017-12374 (ClamAV use-after-free Vulnerabilities) - CVE-2017-12375 (ClamAV Buffer Overflow Vulnerability) - CVE-2017-12378 (ClamAV Buffer Over Read Vulnerability) - CVE-2017-12380 (ClamAV Null Dereference Vulnerability) - these vulnerabilities could have allowed an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. - CVE-2017-6420 (bsc#1052448) - this vulnerability could have allowed remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. - CVE-2017-6419 (bsc#1052449) - ClamAV could have allowed remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. - CVE-2017-11423 (bsc#1049423) - ClamAV could have allowed remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. - CVE-2017-6418 (bsc#1052466) - ClamAV could have allowed remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. - update upstream keys in the keyring - provide and obsolete clamav-nodb to trigger it's removal in Leap bsc#1040662 This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-02-12
    plugin id 106431
    published 2018-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106431
    title openSUSE Security Update : clamav (openSUSE-2018-102)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201804-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201804-16 (ClamAV: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 109230
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109230
    title GLSA-201804-16 : ClamAV: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-602B5345FA.NASL
    description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-07
    plugin id 107169
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107169
    title Fedora 27 : clamav (2018-602b5345fa)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1279.NASL
    description CVE-2017-6419 CVE-2017-11423 Two vulnerabilities have been fixed that can be used for denial of service or maybe unspecified impact via drafted files (heap-based buffer overflow and stack-based buffer over-read causing application crash) For Debian 7 'Wheezy', these problems have been fixed in version 0.99.2+dfsg-0+deb7u5. We recommend that you upgrade your clamav packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-09
    plugin id 106780
    published 2018-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106780
    title Debian DLA-1279-1 : clamav security update
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3394-1.NASL
    description It was discovered that libmspack incorrectly handled certain malformed CHM files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-6419) It was discovered that libmspack incorrectly handled certain malformed CAB files. A remote attacker could use this issue to cause libmspack to crash, resulting in a denial of service. (CVE-2017-6419). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 102582
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102582
    title Ubuntu 16.04 LTS / 17.04 : libmspack vulnerabilities (USN-3394-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3946.NASL
    description It was discovered that libsmpack, a library used to handle Microsoft compression formats, did not properly validate its input. A remote attacker could craft malicious CAB or CHM files and use this flaw to cause a denial of service via application crash, or potentially execute arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 102598
    published 2017-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102598
    title Debian DSA-3946-1 : libmspack - security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0863-1.NASL
    description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108829
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108829
    title SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0863-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-976.NASL
    description Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. (CVE-2017-6419) Out-of-bounds access in the PDF parser (CVE-2018-0202) A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the 'DestPos' variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. (CVE-2012-6706) ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. (CVE-2018-1000085) Stack-based buffer over-read in cabd_read_string function The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. (CVE-2017-11423)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 108601
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108601
    title Amazon Linux AMI : clamav (ALAS-2018-976)
refmap via4
debian DSA-3946
gentoo GLSA-201804-16
misc
mlist [debian-lts-announce] 20180212 [SECURITY] [DLA 1279-1] clamav security update
Last major update 18-07-2017 - 16:29
Published 18-07-2017 - 16:29
Last modified 02-10-2019 - 20:03
Back to Top