CVE-2024-20328

Severity: 5.3 MEDIUM
EPSS: 0.2% (top 51.97%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: (see Affected Packages below)
Timeline: Published Mar 1; Latest update Mar 12

Description

A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.8 | Impact: 3.4

Affected Packages (4 packages)

Source     | Package        | Affected versions
NVD        | clamav/clamav  | 1.0.0 to 1.0.5 (+1)
Debian     | clamav         | < 1.0.5+dfsg-1~deb12u1 (+2)
Ubuntu     | clamav         | < 1.0.5+dfsg-0ubuntu0.23.10.1
CVEListV5  | cisco/clamav   | 1.2.0, 1.2.1 (+1)

Vulnerability Details (4)

CVEList: ClamAV VirusEvent File Processing Command Injection Vulnerability (2024-03-01)
GHSA: GHSA-vhq6-cjc8-x8v9: A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application s (2024-03-01)
OSV: CVE-2024-20328: A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application s (2024-03-01)
OSV: clamav vulnerabilities (2024-02-14)

Vendor Advisories (3)

Microsoft: ClamAV VirusEvent File Processing Command Injection Vulnerability (2024-03-12)
Ubuntu: ClamAV vulnerabilities (2024-02-14)
Debian: CVE-2024-20328: clamav - A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker... (2024)