CVE-2017-6420 : What You Need to Know
Learn about CVE-2017-6420, a denial of service vulnerability in ClamAV 0.99.2 triggered by a crafted PE file. Find out how to mitigate the risk and prevent exploitation.
ClamAV version 0.99.2 is susceptible to a denial of service vulnerability through a crafted PE file utilizing WWPack compression.
Understanding CVE-2017-6420
What is CVE-2017-6420?
The vulnerability in ClamAV 0.99.2 allows remote attackers to trigger a use-after-free condition via the wwunpack function in libclamav/wwunpack.c.
The Impact of CVE-2017-6420
This vulnerability can be exploited by remote attackers to cause a denial of service on affected systems.
Technical Details of CVE-2017-6420
Vulnerability Description
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 enables a use-after-free attack through a specially crafted PE file with WWPack compression.
Affected Systems and Versions
- Product: ClamAV
- Vendor: N/A
- Version: 0.99.2
Exploitation Mechanism
The vulnerability is triggered by a malicious PE file utilizing WWPack compression, leading to a use-after-free condition.
Mitigation and Prevention
Immediate Steps to Take
- Update ClamAV to a non-vulnerable version.
- Implement network security measures to prevent remote exploitation.
Long-Term Security Practices
- Regularly update antivirus software and security patches.
- Conduct security audits to identify and address vulnerabilities.
Patching and Updates
Apply patches provided by ClamAV to address the vulnerability.