A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2024-02-07T16:16:00.975Z
Updated: 2024-02-07T16:16:00.975Z
Reserved: 2023-11-08T15:08:07.627Z
Link: CVE-2024-20290
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-02-07T17:15:10.517
Modified: 2024-02-15T15:43:27.240
Link: CVE-2024-20290
JSON object: View
Redhat Information
No data.