Denial of Service Vulnerability in Cisco ClamAV (CERT-NCSOC-0228)

Risk Level: High

Components Affected
• Cisco Secure Endpoint Connector for Linux versions prior to 1.25.1
• Cisco Secure Endpoint Connector for Mac versions prior to 1.24.4
• Cisco Secure Endpoint Connector for Windows versions prior to 7.5.20
• Cisco Secure Endpoint Connector for Windows versions prior to 8.4.3
• Cisco Secure Endpoint Private Cloud versions prior to 4.2.0

Overview
A vulnerability was identified in Cisco ClamAV. A remote attacker could exploit this vulnerability to trigger a denial of service condition on the targeted system.

Description
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption process of ClamAV could enable a remote, unauthenticated attacker to trigger a denial of service (DoS) on a vulnerable device. This issue arises from an integer underflow during a bounds check, leading to a heap buffer overflow read. By submitting a specially crafted file with OLE2 content to be scanned by ClamAV, an attacker could exploit this vulnerability. If successful, the attacker could disrupt the ClamAV scanning process, causing a DoS condition in the affected software.
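
The bug class described above, shown as an added illustration in C: a bounds check whose unsigned subtraction wraps, next to a hardened form. This is not ClamAV's code; `HDR_LEN`, `check_flawed`, `check_safe`, `read_record` and the sample buffer are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 8u /* hypothetical record size, not a ClamAV constant */

/* Constructed sample data standing in for a parsed stream. */
static const uint8_t sample[16] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};

/* Flawed check: len - HDR_LEN is unsigned, so len < HDR_LEN wraps to a
 * value near SIZE_MAX and every offset is accepted. */
int check_flawed(size_t len, size_t off)
{
    return off <= len - HDR_LEN;
}

/* Hardened check: rule out the wrap before subtracting. */
int check_safe(size_t len, size_t off)
{
    return len >= HDR_LEN && off <= len - HDR_LEN;
}

/* Copies one record from the first `len` bytes of sample, guarded by the
 * hardened check. Returns the record's first byte, or -1 if rejected. */
int read_record(size_t len, size_t off)
{
    uint8_t rec[HDR_LEN];
    if (len > sizeof sample || !check_safe(len, off))
        return -1;
    memcpy(rec, sample + off, HDR_LEN);
    return rec[0];
}

int main(void)
{
    /* A 4-byte input is shorter than one record. */
    printf("check_flawed(4, 1000) = %d\n", check_flawed(4, 1000));
    printf("check_safe(4, 1000)   = %d\n", check_safe(4, 1000));
    printf("read_record(16, 8)    = %d\n", read_record(16, 8));
    printf("read_record(4, 0)     = %d\n", read_record(4, 0));
    return 0;
}
```

Both checks agree on well-formed lengths; they differ only when the length is smaller than the record size, which is the case the flawed form lets through to an out-of-bounds read.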

Impact
• Denial of Service

Solution/Workarounds
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

Reference
Cisco ClamAV Denial of Service Vulnerability

Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind