SUSE update for clamav

1) Improper Validation of Array Index

EUVDB-ID: #VU79711

Risk: High

CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2023-40477

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of array index when processing recovery volumes. A remote attacker can trick the victim to open a specially crafted archive and execute arbitrary code on the system.

Mitigation

Update the affected package clamav to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

clamav-debuginfo: before 0.103.11-3.30.1

clamav: before 0.103.11-3.30.1

clamav-debugsource: before 0.103.11-3.30.1

CPE2.3

• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:*
• cpe:2.3:a:suse:clamav-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:clamav:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:clamav-debugsource:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2023/suse-su-20234297-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.