CVE-2022-20803

CVSS V2: None
CVSS V3: None
Description
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
Overview
  • CVE ID: CVE-2022-20803
  • Assigner: ykramarz@cisco.com
  • Vulnerability Status: Analyzed
  • Published Version: 2023-02-17T18:15:11
  • Last Modified Date: 2023-02-28T16:22:35
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | 1 | OR | 0.104.0 | 0.104.3
References
History
Created Old Value New Value Data Type Notes
2023-04-17 07:56:52 Added to TrackCVE
2023-04-17 07:56:54 Weakness Enumeration new