ClamAV OLE2 File Format Parser Vulnerability Could Lead to Denial of Service

CVE-2024-20290

What is CVE-2024-20290?

A vulnerability exists in the OLE2 file format parser within ClamAV, allowing unauthenticated remote attackers to trigger a denial of service (DoS) on devices utilizing this software. This issue stems from an improper verification of end-of-string values during file scanning processes, leading to potential heap buffer over-reads. By submitting specially crafted files containing OLE2 content for scanning, an attacker could effectively terminate the ClamAV scanning service, which results in a DoS condition while simultaneously consuming the system's available resources. Immediate attention to affected versions is crucial to ensure operational integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

securityonline.info

CVE-2024-20328CVE-2024-20290

ClamAV Bugs Expose Users to Command Injection (CVE-2024-20328) and DoS Attacks (CVE-2024-20290)

ClamAV's developers issued critical patches addressing two vulnerabilities (CVE-2024-20328 & CVE-2024-20290) within the library

References