CVE-2024-23440 (GCVE-0-2024-23440)

Vulnerability from cvelistv5 – Published: 2024-02-13 15:01 – Updated: 2025-05-19 18:21
VLAI?
Summary
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.
Severity ?
7.1 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
VirusBlokAda Vba32 Antivirus Affected: 3.36.0
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-23440",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-13T16:48:43.141620Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:45:46.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:06:24.174Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://fluidattacks.com/advisories/adderley/"
          },
          {
            "tags": [
              "product",
              "x_transferred"
            ],
            "url": "https://www.anti-virus.by/vba32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Vba32 Antivirus",
          "vendor": "VirusBlokAda",
          "versions": [
            {
              "status": "affected",
              "version": "3.36.0"
            }
          ]
        }
      ],
      "datePublic": "2024-01-29T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\u0026nbsp;The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer."
            }
          ],
          "value": "Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\u00a0The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-540",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-540 Overread Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-19T18:21:17.618Z",
        "orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
        "shortName": "Fluid Attacks"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://fluidattacks.com/advisories/adderley/"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.anti-virus.by/vba32"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Vba32 Antivirus v3.36.0 - Arbitrary Memory Read",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
    "assignerShortName": "Fluid Attacks",
    "cveId": "CVE-2024-23440",
    "datePublished": "2024-02-13T15:01:12.248Z",
    "dateReserved": "2024-01-16T20:47:02.910Z",
    "dateUpdated": "2025-05-19T18:21:17.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:anti-virus:vba32:3.36.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00ECDEA3-9AF7-405E-B0BB-1EA693E52ACF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\\u00a0The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.\"}, {\"lang\": \"es\", \"value\": \"Vba32 Antivirus v3.36.0 es afectado por una vulnerabilidad de lectura de memoria arbitraria. El c\\u00f3digo IOCTL 0x22200B del controlador Vba32m64.sys permite leer hasta 0x802 de memoria desde un puntero arbitrario proporcionado por el usuario.\"}]",
      "id": "CVE-2024-23440",
      "lastModified": "2024-11-21T08:57:42.717",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"help@fluidattacks.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.2}]}",
      "published": "2024-02-13T15:15:09.070",
      "references": "[{\"url\": \"https://fluidattacks.com/advisories/adderley/\", \"source\": \"help@fluidattacks.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.anti-virus.by/vba32\", \"source\": \"help@fluidattacks.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://fluidattacks.com/advisories/adderley/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.anti-virus.by/vba32\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]",
      "sourceIdentifier": "help@fluidattacks.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"help@fluidattacks.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-23440\",\"sourceIdentifier\":\"help@fluidattacks.com\",\"published\":\"2024-02-13T15:15:09.070\",\"lastModified\":\"2025-05-19T19:15:47.370\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\u00a0The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.\"},{\"lang\":\"es\",\"value\":\"Vba32 Antivirus v3.36.0 es afectado por una vulnerabilidad de lectura de memoria arbitraria. El c\u00f3digo IOCTL 0x22200B del controlador Vba32m64.sys permite leer hasta 0x802 de memoria desde un puntero arbitrario proporcionado por el usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"help@fluidattacks.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"help@fluidattacks.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:anti-virus:vba32:3.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00ECDEA3-9AF7-405E-B0BB-1EA693E52ACF\"}]}]}],\"references\":[{\"url\":\"https://fluidattacks.com/advisories/adderley/\",\"source\":\"help@fluidattacks.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.anti-virus.by/vba32\",\"source\":\"help@fluidattacks.com\",\"tags\":[\"Product\"]},{\"url\":\"https://fluidattacks.com/advisories/adderley/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.anti-virus.by/vba32\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://fluidattacks.com/advisories/adderley/\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.anti-virus.by/vba32\", \"tags\": [\"product\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:06:24.174Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-23440\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-13T16:48:43.141620Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:11.223Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Vba32 Antivirus v3.36.0 - Arbitrary Memory Read\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-540\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-540 Overread Buffers\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VirusBlokAda\", \"product\": \"Vba32 Antivirus\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.36.0\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2024-01-29T17:00:00.000Z\", \"references\": [{\"url\": \"https://fluidattacks.com/advisories/adderley/\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.anti-virus.by/vba32\", \"tags\": [\"product\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\\u00a0The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\u0026nbsp;The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"84fe0718-d6bb-4716-a7e8-81a6d1daa869\", \"shortName\": \"Fluid Attacks\", \"dateUpdated\": \"2025-05-19T18:21:17.618Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-23440\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-19T18:21:17.618Z\", \"dateReserved\": \"2024-01-16T20:47:02.910Z\", \"assignerOrgId\": \"84fe0718-d6bb-4716-a7e8-81a6d1daa869\", \"datePublished\": \"2024-02-13T15:01:12.248Z\", \"assignerShortName\": \"Fluid Attacks\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.