FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
68ae70c5-c5e5-11ee-9768-08002784c58d	clamav -- Multiple vulnerabilities The ClamAV project reports: CVE-2024-20290 A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. CVE-2024-20328 Fixed a possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. To fix this issue, we disabled the '%f' format string parameter. ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment variable, instead of '%f'. But you should do so only from within an executable, such as a Python script, and not directly in the clamd.conf "VirusEvent" command. Discovery 2024-02-07 Entry 2024-02-07 clamav < 1.2.2,1 clamav-lts < 1.0.5,1 CVE-2024-20290 CVE-2024-20328 https://blog.clamav.net/2023/11/clamav-130-122-105-released.html
51a59f36-3c58-11ee-b32e-080027f5fec9	clamav -- Possible denial of service vulnerability in the HFS+ file parser Steve Smith reports: There is a possible denial of service vulnerability in the HFS+ file parser. Discovery 2023-08-15 Entry 2023-08-16 clamav < 1.1.1,1 clamav-lts < 1.0.2,1 CVE-2023-20197 https://blog.clamav.net/2023/07/2023-08-16-releases.html

VuXML ID

Description

68ae70c5-c5e5-11ee-9768-08002784c58d

clamav -- Multiple vulnerabilities

The ClamAV project reports:

CVE-2024-20290

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.

CVE-2024-20328

Fixed a possible command injection vulnerability in the "VirusEvent" feature of ClamAV's ClamD service. To fix this issue, we disabled the '%f' format string parameter. ClamD administrators may continue to use the `CLAM_VIRUSEVENT_FILENAME` environment variable, instead of '%f'. But you should do so only from within an executable, such as a Python script, and not directly in the clamd.conf "VirusEvent" command.

Discovery 2024-02-07
Entry 2024-02-07
clamav

< 1.2.2,1

clamav-lts

< 1.0.5,1

CVE-2024-20290
CVE-2024-20328
https://blog.clamav.net/2023/11/clamav-130-122-105-released.html

51a59f36-3c58-11ee-b32e-080027f5fec9

clamav -- Possible denial of service vulnerability in the HFS+ file parser

Steve Smith reports:

There is a possible denial of service vulnerability in the HFS+ file parser.

Discovery 2023-08-15
Entry 2023-08-16
clamav

< 1.1.1,1

clamav-lts

< 1.0.2,1

CVE-2023-20197
https://blog.clamav.net/2023/07/2023-08-16-releases.html