On Tue, 2 Jan 2024, Paul Kosinski via clamav-users wrote:
CVE-2021-44879
Wenqing Liu reported a NULL pointer dereference in the f2fs
implementation. An attacker able to mount a specially crafted image
^^^^^^^^^^^^^^^^^^^^^^^
can take advantage of this flaw for denial of service.
From "Debian Security Advisory DSA-5594-1"
Do you have a ClamAV rule for that ?
I don't see how ClamAV would find that unless it did an fsck-like
scan of the image. If it used the system tools, it would trigger the
vulnerability; if it did its own scan it would be susceptible to
software
rot and I don't see how it would avoid false positives when looking for
null (long?)words in special places.
[ Not sure why Debian is fixing this now
when Ubuntu fixed it nearly two years ago. ]
I agree that it would be good to get rid of the 2GB limit
though I can see that it could require changes throughout the code
and break backward compatibility.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat