Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attacker-supplied file reaches the scanner remotely with no auth or interaction (AV:N/AC:L/PR:N/UI:N); impact is temporary scanner DoS only, so C:N/I:N/A:H.
Primary rating from Vendor (cisco).
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
AnalysisAI
Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must be able to get a crafted InstallShield-format file scanned by the target ClamAV instance - i.e., the deployment must scan attacker-influenced files (mail gateway, upload scanner, file-share AV) and must have the InstallShield file parser enabled (it is enabled by default in standard scanning). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 base score is 7.5 (High) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H - network reachable, low complexity, no privileges or user interaction, and a pure availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker emails a crafted InstallShield installer file (or uploads it to a service) that is automatically routed to a ClamAV-backed scanner. When ClamAV parses the file, its InstallShield handler mishandles temporary resources, terminating the scanning process and temporarily spiking system resource usage, so legitimate messages or uploads queue up or fail to be scanned. … |
| Remediation | Patch available per vendor advisory - upgrade to the fixed ClamAV release identified in the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR; the input data does not contain an exact fix version, so obtain the precise patched build from that advisory and do not rely on an assumed version number. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all ClamAV deployments, document versions and network exposure, enable service-crash monitoring with alerts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Secure Endpoint
View allOn Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ p
Denial of service in ClamAV's FSG file format parser allows an unauthenticated remote attacker to crash the scanning eng
Denial of service in ClamAV's PE (Portable Executable) file format parser lets an unauthenticated, remote attacker crash
Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning eng
Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine
Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker
Denial of service in ClamAV's 7z archive scanner allows a remote, unauthenticated attacker to crash the scanning process
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of serv
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthe
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 a
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 a
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 a
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: Important| Product | Status |
|---|---|
| openSUSE Leap 16.0 | Fixed |
| openSUSE Tumbleweed | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Manager Proxy LTS 4.3 | Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Affected |
| SUSE Manager Server LTS 4.3 | Affected |
| SUSE Linux Enterprise Desktop 15 SP7 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Affected |
| SUSE Linux Enterprise Micro 5.5 | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP7 | Affected |
| SUSE Linux Enterprise Server 15 SP7 | Affected |
| SUSE Linux Enterprise Server 16.0 | Affected |
| SUSE Linux Enterprise Server 16.1 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.0 | Affected |
| SUSE Linux Enterprise Server for SAP applications 16.1 | Affected |
| openSUSE Leap 16.0 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP6 | Affected |
| SUSE Linux Enterprise Server 12 SP5 | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 12 SP5-LTSS Extended Security | Affected |
| SUSE Linux Enterprise Server 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Affected |
| SUSE Linux Enterprise Server 15 SP6 | Affected |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Affected |
| SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Affected |
| SUSE Manager Proxy 4.3 | Affected |
| SUSE Manager Proxy LTS 4.3 | Affected |
| SUSE Manager Retail Branch Server 4.3 | Affected |
| SUSE Manager Retail Branch Server LTS 4.3 | Affected |
| SUSE Manager Server 4.3 | Affected |
| SUSE Manager Server LTS 4.3 | Affected |
| SUSE CaaS Platform 4.0 | Not-Affected |
| SUSE Enterprise Storage 6 | Not-Affected |
| SUSE Enterprise Storage 7 | Not-Affected |
| SUSE Enterprise Storage 7.1 | Affected |
| SUSE Linux Enterprise Desktop 15 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP5 | Not-Affected |
| SUSE Linux Enterprise Desktop 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Affected |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Affected |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Not-Affected |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Module for Basesystem 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Real Time 15 SP4 | Not-Affected |
| SUSE Linux Enterprise Server 15 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3 | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-BCL | Not-Affected |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Affected |
| SUSE Linux Enterprise Server 15-LTSS | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Not-Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Affected |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Affected |
| SUSE Manager Proxy 4.0 | Not-Affected |
| SUSE Manager Proxy 4.1 | Not-Affected |
| SUSE Manager Proxy 4.2 | Not-Affected |
| SUSE Manager Retail Branch Server 4.0 | Not-Affected |
| SUSE Manager Retail Branch Server 4.1 | Not-Affected |
| SUSE Manager Retail Branch Server 4.2 | Not-Affected |
| SUSE Manager Server 4.0 | Not-Affected |
| SUSE Manager Server 4.1 | Not-Affected |
| SUSE Manager Server 4.2 | Not-Affected |
| openSUSE Leap 15.3 | Not-Affected |
| openSUSE Leap 15.4 | Not-Affected |
| openSUSE Leap 15.5 | Not-Affected |
| openSUSE Leap 15.6 | Affected |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41081
GHSA-8fx8-2p33-gv76