CVE-2018-18585

Note

We released clamav 0.100.2+dfsg-1ubuntu0.1X.04.2 for precise/esm
and trusty, but subsequently were notified the bundled libmspack is
not actually vulnerable in this case, because ClamAV assigns a
filename with a generated hash.

Package	Release	Status
clamav Launchpad, Ubuntu, Debian	bionic	Not vulnerable (uses system libmspack)
	cosmic	Not vulnerable (uses system libmspack)
	disco	Not vulnerable (uses system libmspack)
	focal	Not vulnerable (uses system libmspack)
	jammy	Not vulnerable (uses system libmspack)
	kinetic	Not vulnerable (uses system libmspack)
	lunar	Not vulnerable (uses system libmspack)
	mantic	Not vulnerable (uses system libmspack)
	trusty	Released (0.100.2+dfsg-1ubuntu0.14.04.2)
	upstream	Needs triage
	xenial	Not vulnerable (uses system libmspack)
libmspack Launchpad, Ubuntu, Debian	bionic	Released (0.6-3ubuntu0.2)
	cosmic	Released (0.7-1ubuntu0.1)
	disco	Not vulnerable (0.9.1-1)
	focal	Not vulnerable (0.9.1-1)
	jammy	Not vulnerable (0.9.1-1)
	kinetic	Not vulnerable (0.9.1-1)
	lunar	Not vulnerable (0.9.1-1)
	mantic	Not vulnerable (0.9.1-1)
	trusty	Needed
	upstream	Needs triage
	xenial	Released (0.5-1ubuntu0.16.04.3)
	Patches: upstream: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f

Parameter	Value
Base score	4.3
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	Required
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	Low
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2018-18585

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading