Candidate: CVE-2019-1785
PublicDate: 2019-04-08 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785
 https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
Description:
 A vulnerability in the RAR file scanning functionality of Clam AntiVirus
 (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an
 unauthenticated, remote attacker to cause a denial of service condition on
 an affected device. The vulnerability is due to a lack of proper
 error-handling mechanisms when processing nested RAR files sent to an
 affected device. An attacker could exploit this vulnerability by sending a
 crafted RAR file to an affected device. An exploit could allow the attacker
 to view or create arbitrary files on the targeted system.
Ubuntu-Description:
Notes:
 mdeslaur> affects 0.101.1 and 0.101.0 only
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1822503
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_clamav:
upstream_clamav: released (0.101.2+dfsg-1)
precise/esm_clamav: not-affected
trusty_clamav: not-affected (0.100.2+dfsg-1ubuntu0.14.04.2)
trusty/esm_clamav: not-affected (0.100.2+dfsg-1ubuntu0.14.04.2)
xenial_clamav: not-affected (0.100.2+dfsg-1ubuntu0.16.04.1)
esm-infra/xenial_clamav: not-affected (0.100.2+dfsg-1ubuntu0.16.04.1)
bionic_clamav: not-affected (0.100.2+dfsg-1ubuntu0.18.04.1)
cosmic_clamav: not-affected (0.100.2+dfsg-0ubuntu1)
devel_clamav: not-affected (0.100.2+dfsg-2ubuntu1)

Patches_libclamunrar:
upstream_libclamunrar: released (0.101.2-1)
precise/esm_libclamunrar: DNE
trusty_libclamunrar: not-affected (0.100.1-1~ubuntu0.14.04.1)
trusty/esm_libclamunrar: DNE (trusty was not-affected [0.100.1-1~ubuntu0.14.04.1])
xenial_libclamunrar: not-affected (0.100.1-1~ubuntu0.16.04.1)
bionic_libclamunrar: not-affected (0.100.1-1~ubuntu0.18.04.1)
cosmic_libclamunrar: not-affected (0.100.1-1)
devel_libclamunrar: not-affected (0.100.1-1)