Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3123

Опубликовано: 05 фев. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:clamav:clamav:0.102.0:*:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.102.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.03107
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2020-3123

CVSS3: 7.5
ubuntu
около 6 лет назад

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

debian логотип

CVE-2020-3123

CVSS3: 7.5
debian
около 6 лет назад

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...

github логотип

GHSA-x7cm-49hv-4xfc

github
больше 3 лет назад

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

fstec логотип

BDU:2020-05768

CVSS3: 7.5
fstec
около 6 лет назад

Уязвимость модуля Data-Loss-Prevention (DLP) средства антивирусной защиты Clam Antivirus, позволяюшая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2021:14592-1

suse-cvrf
около 5 лет назад

Security update for clamav

EPSS

Процентиль: 86%
0.03107
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125
CWE-125