One vulnerability affects popular antivirus products such as Kaspersky AntiVirus for Linux 126.96.36.199, Trend Micro InterScan VirusWall 3.8 Build 1130, and McAfee Virus Scan for Linux 4.16.0. Other versions may also be affected.
A team of researchers from Aerasec Network Services and Security GmbH, based in Hohenbrunn, Germany, discovered that these products have trouble with so-called bzip2 bombs.
When scanning compressed files for virus signatures, antivirus products usually decompress the file first. However, the products with the flaw often don’t limit the size of the resulting decompressed file, and extremely large files (billions of zeroes, for instance) can overwhelm the products. Decompressing a large file can take up all available file space on a machine, maxing out CPU usage and causing denial-of-service conditions on the machine.
Read the whole story at TechTarget.