Lucene search

[email protected]NVD:CVE-2022-20803

HistoryFeb 17, 2023 - 6:15 p.m.

CVE-2022-20803

2023-02-1718:15:11

CWE-415

[email protected]

web.nvd.nist.gov

vulnerability

clam antivirus

denial of service

ole2 file parser

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Affected configurations

Nvd

Node

clamavclamavRange0.104.0–0.104.3

VendorProductVersionCPE
clamavclamav*cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
clamav	clamav	*	cpe:2.3:a:clamav:clamav::::::::

References

blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

security.gentoo.org/glsa/202310-01

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

59.5%

JSON

Related for NVD:CVE-2022-20803

cve1 debiancve1 osv1 ubuntucve1 prion1 cvelist1 nessus2 freebsd1 redos1 gentoo1