Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-20128

Опубликовано: 22 янв. 2025
Источник: nvd
CVSS3: 5.3
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Версия от 1.0.0 (включая) до 1.0.8 (исключая)
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
Версия от 1.1.0 (включая) до 1.4.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*
Версия до 1.24.4 (исключая)
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*
Версия до 1.25.1 (исключая)
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
Версия до 7.5.20 (исключая)
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
Версия от 8.0.1.21160 (включая) до 8.4.3 (исключая)
cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*
Версия до 4.2.0 (исключая)

EPSS

Процентиль: 90%
0.05916
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-122

Связанные уязвимости

ubuntu логотип

CVE-2025-20128

CVSS3: 5.3
ubuntu
около 1 года назад

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

debian логотип

CVE-2025-20128

CVSS3: 5.3
debian
около 1 года назад

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryptio ...

github логотип

GHSA-6j5q-p9xp-3cc6

CVSS3: 5.3
github
около 1 года назад

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

fstec логотип

BDU:2025-00660

CVSS3: 6.2
fstec
около 1 года назад

Уязвимость компонента анализа файлов формата OLE2 пакета антивирусных программ Clam Antivirus, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2025:0328-1

suse-cvrf
около 1 года назад

Security update for clamav

EPSS

Процентиль: 90%
0.05916
Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-122