CVE-2022-20803

CWE-4154 documents4 sources
Severity
7.5HIGH
EPSS
1.7%
top 17.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Clamav ClamavCisco Clamav
Timeline
PublishedFeb 17

Description

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDclamav/clamav0.104.00.104.3
CVEListV5cisco/clamav0.104.0

🔴Vulnerability Details

2
CVEList
ClamAV Double-free Vulnerability in the OLE2 File Parser2023-02-17
GHSA
GHSA-rv4r-hqph-p3cp: A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 02023-02-17

📋Vendor Advisories

1
Debian
CVE-2022-20803: clamav - A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.10...2022
CVE-2022-20803 (HIGH CVSS 7.5) | A vulnerability in the OLE2 file pa | cvebase.io