Allele Security Alert
ASA-2019-00648
Identifier(s)
ASA-2019-00648
Title
Out-of-bounds write within ClamAV’s NSIS bzip2 library
Vendor(s)
Cisco Systems
Product(s)
ClamAV
Affected version(s)
ClamAV versions before 0.101.4
Fixed version(s)
ClamAV version 0.101.4
Proof of concept
Unknown
Description
An out of bounds write was possible within ClamAV’s NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900).
Technical details
Unknown
Credits
Martin Simmons
Reference(s)
ClamAV 0.101.4 security patch release has been published
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
Possible instance of CVE-2019-12900 in libclamav/nsis/bzlib.c
https://bugzilla.clamav.net/show_bug.cgi?id=12371
bb12371 – nsis – manually adding patch by Albert Astals Cid to mitigate bzip2 CVE-2019-12900
https://github.com/Cisco-Talos/clamav-devel/commit/0249be88182ffeac9a3677736a1be2021c6c1b05
Make sure nSelectors is not out of range
https://sourceware.org/git/?p=bzip2.git;a=commitdiff;h=7ed62bfb46e87a9e878712603469440e6882b184
Accept as many selectors as the file format allows.
https://sourceware.org/git/?p=bzip2.git;a=commitdiff;h=b07b105d1b66e32760095e3602261738443b9e13
CVE-2019-12900 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-12900
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-12900.html
CVE-2019-12900 | SUSE
https://www.suse.com/security/cve/CVE-2019-12900
CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
CVE-2019-12900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900
CVE-2019-12900
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: December 4, 2019