CVE-2023-46345

7.5 HIGH

📋 TL;DR

Catdoc v0.95 contains a NULL pointer dereference vulnerability in the xls2csv component that can cause the application to crash when processing malicious Excel files. This affects systems running Catdoc v0.95 to convert Excel files to CSV format. The vulnerability could potentially lead to denial of service or be leveraged for further exploitation.

💻 Affected Systems

Products:
  • Catdoc
Versions: v0.95
Operating Systems: Linux, Unix-like systems, Windows (if compiled from source)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the xls2csv component to convert Excel files to CSV format

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution if combined with other vulnerabilities, or persistent denial of service affecting file conversion services

🟠 Likely Case: Application crash when processing specially crafted Excel files, causing denial of service for file conversion operations

🟢 If Mitigated: Application crash with no data loss or privilege escalation if proper sandboxing and privilege separation are implemented

🌐 Internet-Facing: MEDIUM - Only affects systems exposing Catdoc file conversion services directly to untrusted users
🏢 Internal Only: LOW - Typically used in controlled environments for batch file conversion

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub gist, exploitation requires feeding malicious Excel file to xls2csv

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or apply source code fix from community patches.

🔧 Temporary Workarounds

Disable xls2csv component (Linux)

Remove or disable the xls2csv binary to prevent exploitation. Either delete it outright:

sudo rm /usr/bin/xls2csv

or, if you want to keep the package intact, revoke all permissions on it instead:

sudo chmod 000 /usr/bin/xls2csv

Input validation wrapper (Linux)

Create a wrapper script that validates Excel files before passing them to xls2csv. The check below rejects missing or empty files, requires the OLE2 compound-document signature (D0 CF 11 E0 A1 B1 1A E1) that legacy .xls files start with, and bounds the run time so a hung conversion cannot tie up the service. Note that a crafted file can still carry a valid OLE2 header, so this filters obvious junk only; the sandboxing advice below still applies.

#!/bin/bash
# Refuse missing or empty input before it reaches the vulnerable parser
f="$1"
if [ ! -s "$f" ]; then
    echo "Invalid or empty file" >&2
    exit 1
fi
# Require the OLE2 magic bytes that a legacy .xls workbook begins with
sig=$(head -c 8 "$f" | od -An -tx1 | tr -d ' \n')
if [ "$sig" != "d0cf11e0a1b11ae1" ]; then
    echo "Not an OLE2 (.xls) file" >&2
    exit 1
fi
# Bound the conversion so a stuck process cannot hold the service open
exec timeout 30 /usr/bin/xls2csv "$f"

🧯 If You Can't Patch

  • Implement strict file upload validation for any Excel files processed by Catdoc
  • Run Catdoc in a containerized or sandboxed environment with limited privileges

🔍 How to Verify

Check if Vulnerable:

Check if xls2csv binary exists and version is 0.95: xls2csv --version 2>&1 | grep -i 'catdoc'

Check Version:

xls2csv --version 2>&1 | head -1

Verify Fix Applied:

Test with known malicious Excel file from PoC to ensure application doesn't crash

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in system logs
  • Catdoc/xls2csv process crashes
  • Abnormal termination of file conversion processes

Network Indicators:

  • Multiple failed file conversion requests
  • Unusual Excel file upload patterns to conversion services

SIEM Query:

process.name:"xls2csv" AND event.action:"segmentation_fault"
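The log indicator above (xls2csv segfaults in the kernel log) can be checked without a SIEM. The following is an added example, not part of the original advisory: it scans syslog-style lines for kernel segfault reports from xls2csv, separately counts those faulting at address 0 (the pattern a NULL pointer dereference produces), and flags a burst above a threshold. The log lines are constructed samples, and the threshold value is an assumption to tune per host.

```shell
#!/bin/sh
# Constructed sample log lines (not real captures) in the Linux kernel
# "segfault at <addr> ip <ip> sp <sp> error <code> in <object>" format.
SAMPLE_LOG='Oct 19 10:01:02 conv01 kernel: xls2csv[4123]: segfault at 0 ip 000055d0c3a1e2f0 sp 00007ffc1b2c3d40 error 4 in xls2csv[55d0c3a0a000+1c000]
Oct 19 10:01:05 conv01 kernel: catdoc[4130]: segfault at 8 ip 000055e1a4b2c3d0 sp 00007ffd2c3d4e50 error 4 in catdoc[55e1a4b0f000+1a000]
Oct 19 10:02:00 conv01 sshd[200]: Accepted publickey for ops from 10.0.0.5 port 51234 ssh2
Oct 19 10:03:11 conv01 kernel: xls2csv[4201]: segfault at 7f3c00000010 ip 000055d0c3a1e2f0 sp 00007ffc1b2c3d40 error 4 in xls2csv[55d0c3a0a000+1c000]
Oct 19 10:03:12 conv01 kernel: xls2csv[4210]: segfault at 0 ip 000055d0c3a1e2f0 sp 00007ffc1b2c3d40 error 4 in xls2csv[55d0c3a0a000+1c000]'

# count_xls2csv_segfaults: number of kernel segfault lines for xls2csv on stdin
count_xls2csv_segfaults() {
    grep -E 'kernel: xls2csv\[[0-9]+\]: segfault at ' | wc -l | tr -d ' '
}

# count_xls2csv_null_segfaults: xls2csv segfaults whose faulting address is 0,
# the signature of a NULL pointer dereference such as this CVE
count_xls2csv_null_segfaults() {
    grep -E 'kernel: xls2csv\[[0-9]+\]: segfault at 0 ip ' | wc -l | tr -d ' '
}

# flag_burst THRESHOLD: succeed (exit 0) when xls2csv segfaults on stdin reach THRESHOLD
flag_burst() {
    threshold="$1"
    n=$(count_xls2csv_segfaults)
    [ "$n" -ge "$threshold" ]
}

# Stand-alone run over the constructed sample; a real deployment would read
# journalctl -k or /var/log/kern.log instead.
echo "xls2csv segfaults:      $(printf '%s\n' "$SAMPLE_LOG" | count_xls2csv_segfaults)"
echo "xls2csv NULL segfaults: $(printf '%s\n' "$SAMPLE_LOG" | count_xls2csv_null_segfaults)"
if printf '%s\n' "$SAMPLE_LOG" | flag_burst 3; then   # threshold 3 is an assumed tuning value
    echo "ALERT: xls2csv crash burst, check uploaded .xls inputs"
fi
```

A single crash is often just a corrupt upload; repeated faults at address 0 from the same binary within minutes are the pattern worth alerting on, and the offending input files should be preserved for analysis rather than discarded.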
