CVE-2017-6418

Public on 2017-08-07

Modified on 2018-02-21

Description

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.

Severity

Medium

See what this means

CVSS v3 Base Score

5.5

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	clamav	2018-02-20 21:35	ALAS-2018-958

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:N/A:P
Amazon Linux	CVSSv3	5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
NVD	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:N/A:P
NVD	CVSSv3	5.5	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2017-6418 Mitre: CVE-2017-6418 FAQs regarding Amazon Linux ALAS/CVE Severity