CVE-2022-20698 - OpenCVE

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Canonical	Ubuntu Linux
Clamav	Clamav

Configuration 1 [-]

OR	cpe:2.3:a:clamav:clamav:::::lts:::*
	cpe:2.3:a:clamav:clamav::::::::

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:20.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:21.04:::::::*

References

Link	Resource
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html	Exploit Vendor Advisory
https://security.gentoo.org/glsa/202310-01

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2022-01-14T00:00:00

Updated: 2023-10-01T10:06:17.357612

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20698

JSON object: View

NVD Information

Status : Modified

Published: 2022-01-14T06:15:09.570

Modified: 2023-10-01T11:15:09.633

Link: CVE-2022-20698

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-20698", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2023-10-01T10:06:17.357612", "dateReserved": "2021-11-02T00:00:00", "datePublished": "2022-01-14T00:00:00"}, "containers": {"cna": {"title": "Clam AntiVirus (ClamAV) Denial of Service Vulnerability", "datePublic": "2022-01-13T00:00:00", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-10-01T10:06:17.357612"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition."}], "affected": [{"vendor": "Cisco", "product": "ClamAV", "versions": [{"version": "unspecified", "lessThan": "0.103.5", "status": "affected", "versionType": "custom"}]}, {"vendor": "Cisco", "product": "ClamAV", "versions": [{"version": "unspecified", "lessThan": "0.104.2", "status": "affected", "versionType": "custom"}]}], "references": [{"tags": ["vendor-advisory"], "url": "https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html"}, {"name": "GLSA-202310-01", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-01"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20", "cweId": "CWE-20"}]}], "source": {"advisory": "clamav-01035-and-01042-security-patch", "discovery": "EXTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*", "matchCriteriaId": "C04A315F-E440-4760-8208-FA8FFF30368A", "versionEndExcluding": "0.103.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E51033D-0691-499E-9279-C5C15CD498DF", "versionEndExcluding": "0.104.2", "versionStartIncluding": "0.104.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*", "matchCriteriaId": "B85E9B9B-ADDB-4D2F-A857-685BD30CE856", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.10:*:*:*:*:*:*:*", "matchCriteriaId": "338B3AAC-C147-4A31-95E7-6E8A6FB4B3FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.04:*:*:*:*:*:*:*", "matchCriteriaId": "8EF1C1CC-3FAE-4DE3-BC41-E5B14D5721F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo de an\u00e1lisis de OOXML en el software Clam AntiVirus (ClamAV) versi\u00f3n 0.104.1 y LTS versiones 0.103.4 y anteriores, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. La vulnerabilidad es debido a comprobaciones inapropiadas que pueden resultar en una lectura de un puntero no v\u00e1lido. Un atacante podr\u00eda aprovechar esta vulnerabilidad mediante el env\u00edo de un archivo OOXML dise\u00f1ado a un dispositivo afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante causar el bloqueo del proceso de escaneo de ClamAV, resultando en una condici\u00f3n de denegaci\u00f3n de servicio"}], "id": "CVE-2022-20698", "lastModified": "2023-10-01T11:15:09.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2022-01-14T06:15:09.570", "references": [{"source": "ykramarz@cisco.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html"}, {"source": "ykramarz@cisco.com", "url": "https://security.gentoo.org/glsa/202310-01"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}