CVE-2024-20290
Description
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .
Affected products
44- osv-coords41 versionspkg:apk/chainguard/clamavpkg:apk/chainguard/clamav-1.3pkg:apk/chainguard/clamav-1.3-clamdscanpkg:apk/chainguard/clamav-1.3-daemonpkg:apk/chainguard/clamav-1.3-dbpkg:apk/chainguard/clamav-1.3-devpkg:apk/chainguard/clamav-1.3-docpkg:apk/chainguard/clamav-1.3-freshclampkg:apk/chainguard/clamav-1.3-libunrarpkg:apk/chainguard/clamav-1.3-milterpkg:apk/chainguard/clamav-1.3-scannerpkg:apk/chainguard/clamav-clamdscanpkg:apk/chainguard/clamav-daemonpkg:apk/chainguard/clamav-dbpkg:apk/chainguard/clamav-devpkg:apk/chainguard/clamav-docpkg:apk/chainguard/clamav-libunrarpkg:apk/chainguard/clamav-milterpkg:apk/chainguard/clamav-scannerpkg:apk/chainguard/freshclampkg:apk/wolfi/clamavpkg:apk/wolfi/clamav-1.3pkg:apk/wolfi/clamav-1.3-clamdscanpkg:apk/wolfi/clamav-1.3-daemonpkg:apk/wolfi/clamav-1.3-dbpkg:apk/wolfi/clamav-1.3-devpkg:apk/wolfi/clamav-1.3-docpkg:apk/wolfi/clamav-1.3-freshclampkg:apk/wolfi/clamav-1.3-libunrarpkg:apk/wolfi/clamav-1.3-milterpkg:apk/wolfi/clamav-1.3-scannerpkg:apk/wolfi/clamav-clamdscanpkg:apk/wolfi/clamav-daemonpkg:apk/wolfi/clamav-dbpkg:apk/wolfi/clamav-devpkg:apk/wolfi/clamav-docpkg:apk/wolfi/clamav-libunrarpkg:apk/wolfi/clamav-milterpkg:apk/wolfi/clamav-scannerpkg:apk/wolfi/freshclampkg:deb/ubuntu/[email protected]+dfsg-0ubuntu0.23.10.1?arch=source&distro=mantic
< 1.3.0-r0+ 40 more
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.3.0-r0
- (no CPE)range: < 1.0.5+dfsg-0ubuntu0.23.10.1
- Cisco/Cisco Secure Endpointv5Range: 6.0.9
- Cisco/Cisco Secure Endpoint Private Cloud Administration Portalv5Range: N/A
- Cisco/Cisco Secure Endpoint Private Cloud Consolev5Range: N/A
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- lists.fedoraproject.org/archives/list/[email protected]/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/mitre
- lists.fedoraproject.org/archives/list/[email protected]/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/mitre
- sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6tmitre
News mentions
0No linked articles in our index yet.