CVE-2024-20328
CVE-2024-20328 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The flaw is due to unsafe handling of file names: a local attacker could exploit it by supplying a file name containing command-line sequences. EPSS estimates an 84.84% chance of exploitation in the next 30 days.
Description
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
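The description above names the bug class (an untrusted file name substituted into a command line) without showing the mechanism. The following is an added illustration, not ClamAV source code: `expand_template_unsafe` mimics the vulnerable design, where a `%f`/`%v` template is expanded by plain string substitution and the result would be handed to `system()`, so a file name such as `invoice.pdf; touch /tmp/pwned` becomes shell syntax; `filename_has_shell_meta` is the check a detection engineer would run over scanned file names; `build_event_argv`/`run_event_hardened` show the exec-style alternative, where the file name is one argv element and is also exported as `CLAM_VIRUSEVENT_FILENAME` (the environment variable clamd.conf documents for VirusEvent handlers), so no shell ever parses it. The template string, the handler path `/usr/local/bin/notify.sh` and the sample file name are constructed for the example; the unsafe command line is built but deliberately never executed.

```c
/* Added example (not ClamAV's code): vulnerable VirusEvent-style command
 * expansion, a metacharacter check, and a hardened exec-style replacement. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: expand %f (file name) and %v (virus name) by string
 * substitution. In the vulnerable design the result goes to system(), so any
 * ';', '|', '$(...)' or backtick in the file name is parsed by the shell.
 * Returns the length written, or -1 if the output buffer would overflow. */
int expand_template_unsafe(const char *tmpl, const char *fname,
                           const char *vname, char *out, size_t outlen)
{
    size_t pos = 0;
    for (const char *p = tmpl; *p; p++) {
        const char *ins = NULL;
        if (p[0] == '%' && p[1] == 'f') { ins = fname; p++; }
        else if (p[0] == '%' && p[1] == 'v') { ins = vname; p++; }
        if (ins) {
            size_t n = strlen(ins);
            if (pos + n >= outlen) return -1;
            memcpy(out + pos, ins, n);
            pos += n;
        } else {
            if (pos + 1 >= outlen) return -1;
            out[pos++] = *p;
        }
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Detection check: does a file name carry shell metacharacters? Returns 1/0. */
int filename_has_shell_meta(const char *fname)
{
    return strpbrk(fname, ";|&$`\\\"'<>(){}\n") != NULL;
}

/* Hardened: an argv array. The file name and virus name are each exactly one
 * argument regardless of their bytes; nothing re-parses them. */
#define MAX_ARGS 4
int build_event_argv(const char *handler, const char *fname, const char *vname,
                     char *argv[MAX_ARGS])
{
    argv[0] = (char *)handler;
    argv[1] = (char *)fname;
    argv[2] = (char *)vname;
    argv[3] = NULL;
    return 3;
}

/* Run the handler with execv (no shell) and also export the values as the
 * environment variables clamd documents. Returns the child's exit status,
 * or -1 on fork/wait failure or abnormal termination. */
int run_event_hardened(const char *handler, const char *fname, const char *vname)
{
    char *argv[MAX_ARGS];
    build_event_argv(handler, fname, vname, argv);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        setenv("CLAM_VIRUSEVENT_FILENAME", fname, 1);
        setenv("CLAM_VIRUSEVENT_VIRUSNAME", vname, 1);
        execv(handler, argv);
        _exit(127); /* exec failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: an attacker-chosen file name and a hypothetical handler */
    const char *fname = "invoice.pdf; touch /tmp/pwned";
    const char *vname = "Eicar-Test-Signature";
    char cmd[256];
    expand_template_unsafe("/usr/local/bin/notify.sh %f %v", fname, vname, cmd, sizeof cmd);
    printf("unsafe command line (never executed here): %s\n", cmd);
    printf("shell metacharacters in file name: %d\n", filename_has_shell_meta(fname));
    char *argv[MAX_ARGS];
    build_event_argv("/usr/local/bin/notify.sh", fname, vname, argv);
    printf("hardened argv[1], passed as a single argument: %s\n", argv[1]);
    return 0;
}
```

The point the CVSS vector makes (AV:L, PR:L) is visible here: the attacker only needs to place a file with a crafted name where clamd will scan it and detect something in it; the injected command then runs as the clamd service account, not the attacker. The hardened variant is the general fix for this bug class: never build a shell string from data, pass it as argv or environment instead.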
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Clamav | Clamav | >= 1.0.0, < 1.0.5 |
| Clamav | Clamav | >= 1.2.0, < 1.2.2 |
References
- https://blog.clamav.net/2023/11/clamav-130-122-105-released.html (Release Notes, Vendor Advisory)
Source: NVD / NIST
