A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.
For a description of this vulnerability, see the ClamAV blog .
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 08:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/ - Mailing List | |
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t - Vendor Advisory |
15 Feb 2024, 15:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/ - Mailing List | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/ - Mailing List | |
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t - Vendor Advisory | |
First Time |
Cisco
Fedoraproject fedora Fedoraproject Cisco secure Endpoint Private Cloud Cisco secure Endpoint |
|
CPE | cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:* cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:* |
14 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Feb 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
07 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 17:15
Updated : 2024-11-21 08:52
NVD link : CVE-2024-20290
Mitre link : CVE-2024-20290
CVE.ORG link : CVE-2024-20290
JSON object : View
Products Affected
cisco
- secure_endpoint
- secure_endpoint_private_cloud
fedoraproject
- fedora