Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-20290

Опубликовано: 07 фев. 2024
Источник: nvd
CVSS3: 7.5
EPSS Средний

Описание

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.

For a description of this vulnerability, see the ClamAV blog .

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
Версия до 7.5.17 (исключая)
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
Версия от 8.0.1.21160 (включая) до 8.2.3.30119 (исключая)
cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*
Версия до 3.8.0 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 93%
0.10345
Средний

7.5 High

CVSS3

Дефекты

CWE-126
CWE-125

Связанные уязвимости

ubuntu логотип

CVE-2024-20290

CVSS3: 7.5
ubuntu
почти 2 года назад

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

debian логотип

CVE-2024-20290

CVSS3: 7.5
debian
почти 2 года назад

A vulnerability in the OLE2 file format parser of ClamAV could allow a ...

github логотип

GHSA-xcpx-h22f-m42v

CVSS3: 7.5
github
почти 2 года назад

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

fstec логотип

BDU:2024-01085

CVSS3: 7.5
fstec
около 2 лет назад

Уязвимость компонента анализа файлов формата OLE2 пакета антивирусных программ ClamAV, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.10345
Средний

7.5 High

CVSS3

Дефекты

CWE-126
CWE-125