ClamAV HTML CSS Module Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the HTML Cascading Style Sheets (CSS) module of ClamAV. This issue allows an unauthenticated, remote attacker to disrupt the normal functioning of an affected device. The vulnerability arises from improper error handling when processing UTF-8 strings, which could be exploited by sending a crafted HTML file for scanning. Successful exploitation would cause the scanning process to crash, although it would not affect the overall stability of the system.

Impact

Exploitation of this vulnerability leads to a crash of the ClamAV scanning process, causing delays or interruptions in scanning operations. However, it does not impact the overall stability of the system.

Remediation

Cisco has released software updates to address this vulnerability. Affected users can upgrade to version 1.28.1 for the Secure Endpoint Connector for Linux, version 1.27.2 for the Connector for Mac, and version 8.6.0 for the Connector for Windows. For Cisco Secure Endpoint Private Cloud, the vulnerability can be addressed by updating to version 4.2.7 or earlier with updated connectors.