CVE-2019-13232: ClamAV Add-on for PCF consumes a vulnerable version of ClamAV


Severity

High

Vendor

Pivotal Cloud Foundry

Description

Pivotal ClamAV Add-on for PCF, versions prior to 1.4.46, contains a dependency on a vulnerable version of ClamAV. A remote unauthenticated malicious user may conduct a Denial-of-Service (DoS) attack by scanning a non-recursive zip bomb, leading to a loss of availability.
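The following Python example is added here for illustration and is not part of Pivotal's advisory, the add-on, or ClamAV. It shows a pre-scan check that reads only a ZIP archive's central directory and flags a declared output that is very large, an extreme compression ratio, or entries whose byte ranges overlap. The function names, reason strings and thresholds are assumptions chosen for the example.

```python
import io
import zipfile

def overlapping(spans):
    """Return True if any (start, end) byte ranges inside the archive overlap."""
    prev_end = 0
    for start, end in sorted(spans):
        if start < prev_end:
            return True
        prev_end = max(prev_end, end)
    return False

def inspect_zip(data, max_total=100 * 2**20, max_ratio=200):
    """Return reasons to refuse an archive, using central-directory metadata only.

    Nothing is decompressed, so the check stays cheap even on a zip bomb.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return ["unreadable"]
    reasons = []
    total = sum(i.file_size for i in infos)  # declared uncompressed bytes
    if total > max_total:
        reasons.append("total-size")
    if total > max_ratio * len(data):
        reasons.append("ratio")
    # Lower bound of each entry's extent: 30-byte fixed local header plus the
    # compressed data. Name and extra-field lengths are left out, so a
    # well-formed archive is never reported as overlapping.
    spans = [(i.header_offset, i.header_offset + 30 + i.compress_size) for i in infos]
    if overlapping(spans):
        reasons.append("overlap")
    return reasons

def make_zip(name, payload, deflate=False):
    """Build a constructed sample archive in memory (test input only)."""
    method = zipfile.ZIP_DEFLATED if deflate else zipfile.ZIP_STORED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_zip(make_zip("note.txt", b"hello")))
    print(inspect_zip(make_zip("zeros.bin", bytes(5 * 2**20), deflate=True)))
```

Sizes declared in the central directory can be forged, so a check like this complements the scanner's own limits and the upgrade to 1.4.46 rather than replacing them.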

Affected VMware Products and Versions

Severity is high unless otherwise noted.

  • ClamAV Add-on for PCF
    • 1.x versions prior to 1.4.46

Mitigation

Users of affected versions should apply the following mitigation:

  • Pivotal releases that have fixed this issue include:
    • ClamAV Add-on for PCF
      • 1.4.46

History

2019-08-14: Initial vulnerability report published.

2019-09-03: Updated the fixed version and references section.