ASA-2019-00631 – ClamAV: Zip Bomb Vulnerability


Allele Security Alert

ASA-2019-00631

Identifier(s)

ASA-2019-00631, CVE-2019-12625

Title

Zip Bomb Vulnerability

Vendor(s)

Cisco Systems

Product(s)

ClamAV

Affected version(s)

ClamAV versions before 0.101.4

Fixed version(s)

ClamAV version 0.101.4

Proof of concept

Yes

Description

ClamAV versions prior to 0.101.4 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

Technical details

Unknown

Credits

David Fifield

Reference(s)

ClamAV 0.101.3 security patch release and 0.102.0-beta have been published
https://blog.clamav.net/2019/08/clamav-01013-security-patch-release-and.html

ClamAV 0.101.4 security patch release has been published
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html

ZIP bomb causes extreme CPU spikes
https://bugzilla.clamav.net/show_bug.cgi?id=12356

Adds --max-scantime clamscan option and MaxScanTime clamd config option.
https://github.com/Cisco-Talos/clamav-devel/commit/0359cc5754403f4643db6cfc9267823f84d57f5a

Adds detection and heuristic alert for zips with overlapping files, preventing extraction of non-recursive zip bombs.
https://github.com/Cisco-Talos/clamav-devel/commit/dcd26ea5f97bf851f4bac74f1367aedf5c162c9c

clamav: denial of service through “better zip bomb”
https://www.openwall.com/lists/oss-security/2019/08/06/3

A better zip bomb
https://www.bamsoftware.com/hacks/zipbomb/

CVE-2019-12625 in Ubuntu
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12625.html

CVE-2019-12625 | SUSE
https://www.suse.com/security/cve/CVE-2019-12625

CVE-2019-12625
https://security-tracker.debian.org/tracker/CVE-2019-12625

CVE-2019-12625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12625

CVE-2019-12625
https://nvd.nist.gov/vuln/detail/CVE-2019-12625
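The second fix commit listed above adds a heuristic alert for zip archives whose entries overlap, which is the structural trick behind the referenced "better zip bomb" (many central directory entries pointing into the same compressed data). The following is an added, stand-alone illustration of that detection idea written for this alert; it is not ClamAV's code and does not reproduce its heuristic. It parses the End of Central Directory record, walks the central directory and the local file headers with the standard library only, computes the byte range each entry occupies, and reports any entry whose range overlaps an earlier one. The test data is constructed inline: a normal two-file archive written with zipfile, and a copy of it in which the second central directory entry has been redirected to the first entry's local header.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record
CDH_SIG = b"PK\x01\x02"    # central directory file header
LFH_SIG = b"PK\x03\x04"    # local file header


def central_directory(data: bytes):
    """Return one dict per central directory entry (name, sizes, local header offset)."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    # EOCD: sig(4) disk(2) cd_disk(2) n_disk(2) n_total(2) cd_size(4) cd_offset(4)
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    entries, pos, end = [], cd_offset, cd_offset + cd_size
    while pos < end:
        if data[pos:pos + 4] != CDH_SIG:
            raise ValueError(f"bad central directory signature at offset {pos}")
        comp_size, uncomp_size = struct.unpack_from("<II", data, pos + 20)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        (lfh_offset,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        entries.append({"name": name, "comp_size": comp_size,
                        "uncomp_size": uncomp_size, "lfh_offset": lfh_offset})
        pos += 46 + name_len + extra_len + comment_len
    return entries


def entry_spans(data: bytes):
    """Byte range [start, end) covered by each entry: local header plus its compressed data."""
    spans = []
    for e in central_directory(data):
        off = e["lfh_offset"]
        if data[off:off + 4] != LFH_SIG:
            raise ValueError(f"entry {e['name']!r} points at offset {off} with no local header")
        # local header: sig(4) ver(2) flags(2) method(2) time(2) date(2) crc(4)
        #               comp(4) uncomp(4) name_len(2) extra_len(2) name extra data
        name_len, extra_len = struct.unpack_from("<HH", data, off + 26)
        spans.append((off, off + 30 + name_len + extra_len + e["comp_size"], e["name"]))
    return spans


def find_overlaps(data: bytes):
    """Sweep entries by start offset; report each entry that begins inside an earlier one."""
    overlaps, max_end, holder = [], -1, None
    for start, end, name in sorted(entry_spans(data)):
        if start < max_end:
            overlaps.append((holder, name))
        if end > max_end:
            max_end, holder = end, name
    return overlaps


def claimed_expansion(data: bytes) -> float:
    """Ratio of declared uncompressed bytes to archive size; an extreme value is a scan-time risk."""
    return sum(e["uncomp_size"] for e in central_directory(data)) / len(data)


def build_fixtures():
    """Constructed test data: a clean stored archive and a copy with one redirected entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"A" * 64)
        zf.writestr("b.txt", b"B" * 64)
    clean = buf.getvalue()

    eocd = clean.rfind(EOCD_SIG)
    _, cd_offset = struct.unpack_from("<II", clean, eocd + 12)
    first = cd_offset
    name_len, extra_len, comment_len = struct.unpack_from("<HHH", clean, first + 28)
    second = first + 46 + name_len + extra_len + comment_len
    (first_lfh,) = struct.unpack_from("<I", clean, first + 42)
    overlapping = bytearray(clean)
    # make b.txt's central directory entry reference a.txt's local header
    struct.pack_into("<I", overlapping, second + 42, first_lfh)
    return clean, bytes(overlapping)


if __name__ == "__main__":
    clean, bad = build_fixtures()
    for label, blob in (("clean", clean), ("overlapping", bad)):
        print(label, "overlaps:", find_overlaps(blob),
              "claimed expansion: %.2f" % claimed_expansion(blob))
```

A scanner that applies this check before extraction can alert on the archive without decompressing anything, which is the point of the referenced fix; the scan-time limit added by the other commit (MaxScanTime) is the complementary control for archives that pass structural checks but still take too long to process.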

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: December 8, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.