CVE-2024-20290

CVSS V2 None CVSS V3 None

Description

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

Overview

CVE ID
CVE-2024-20290

Assigner
cisco

Vulnerability Status
PUBLISHED

Published Version
2024-02-07T16:16:00.975Z

Last Modified Date
2024-02-07T16:16:00.975Z

Weakness Enumerations

CWE	URL
CWE-126	http://cwe.mitre.org/data/definitions/126.html

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-20290
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20290

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 04:34:37				Added to TrackCVE