A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2024-02-07T16:16:00.975Z
Updated: 2024-11-07T20:23:12.944Z
Reserved: 2023-11-08T15:08:07.627Z
Link: CVE-2024-20290
Vulnrichment
Updated: 2024-08-01T21:59:41.158Z
NVD
Status : Modified
Published: 2024-02-07T17:15:10.517
Modified: 2024-11-21T08:52:14.023
Link: CVE-2024-20290
Redhat
No data.