CVE-2024-20290
published 2024-02-07CVE-2024-20290: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an…
PriorityP358high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
33.56%
98.2th percentile
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
| cisco | cisco_secure_endpoint | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_cisco7.5HIGH
vendor_debian7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
ClamAV vulnerabilities
vendor_ubuntu·2024-02-14·CVSS 7.5
CVE-2024-20328 [HIGH] ClamAV vulnerabilities
Title: ClamAV vulnerabilities
Summary: Several security issues were fixed in ClamAV.
It was discovered that ClamAV incorrectly handled parsing certain OLE2
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2024-20290)
Amit Schendel discovered that the ClamAV ClamD service incorrectly handled
the VirusEvent feature. An attacker able to connect to ClamD could possibly
use this issue to execute arbitrary code. (CVE-2024-20328)
Instructions: This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
Cisco
ClamAV OLE2 File Format Parsing Denial of Service Vulnerability
vendor_cisco·2024-02-07·CVSS 7.5
CVE-2024-20290 [HIGH] CWE-126 ClamAV OLE2 File Format Parsing Denial of Service Vulnerability
ClamAV OLE2 File Format Parsing Denial of Service Vulnerability
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog.
Cisco has released softwa
Debian
CVE-2024-20290: clamav - A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthen...
vendor_debian·2024·CVSS 7.5
CVE-2024-20290 [HIGH] CVE-2024-20290: clamav - A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthen...
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .
Scope: local
bookworm: resolved (fixed in 1.0.5+dfsg-1~deb12u1)
bullseye: resolved
forky: r
Cisco
ClamAV OLE2 File Format Parsing Denial of Service Vulnerability
vendor_cisco·CVSS 3.1
CVE-2024-20290 ClamAV OLE2 File Format Parsing Denial of Service Vulnerability
CVE-2024-20290: ClamAV OLE2 File Format Parsing Denial of Service Vulnerability
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog . Cisco has r
OSV
clamav vulnerabilities
osv·2024-02-14·CVSS 7.5
CVE-2024-20290 [HIGH] clamav vulnerabilities
clamav vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain OLE2
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2024-20290)
Amit Schendel discovered that the ClamAV ClamD service incorrectly handled
the VirusEvent feature. An attacker able to connect to ClamD could possibly
use this issue to execute arbitrary code. (CVE-2024-20328)
OSV
CVE-2024-20290: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition
osv·2024-02-07·CVSS 7.5
CVE-2024-20290 [HIGH] CVE-2024-20290: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .
GHSA
GHSA-xcpx-h22f-m42v: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition
ghsa_unreviewed·2024-02-07
CVE-2024-20290 [HIGH] CWE-125 GHSA-xcpx-h22f-m42v: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.fedoraproject.org/archives/list/[email protected]/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/https://lists.fedoraproject.org/archives/list/[email protected]/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6thttps://lists.fedoraproject.org/archives/list/[email protected]/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/https://lists.fedoraproject.org/archives/list/[email protected]/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t
2024-02-07
Published