ClamAV OLE2 File Format Parser Vulnerability Could Lead to Denial of Service
CVE-2024-20290

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Secure Endpoint; Cisco Secure Endpoint Private Cloud Administration Portal; Cisco Secure Endpoint Private Cloud Console
Vendor: CVE Published:; 7 February 2024

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-20290?

A vulnerability exists in the OLE2 file format parser within ClamAV, allowing unauthenticated remote attackers to trigger a denial of service (DoS) on devices utilizing this software. This issue stems from an improper verification of end-of-string values during file scanning processes, leading to potential heap buffer over-reads. By submitting specially crafted files containing OLE2 content for scanning, an attacker could effectively terminate the ClamAV scanning service, which results in a DoS condition while simultaneously consuming the system's available resources. Immediate attention to affected versions is crucial to ensure operational integrity.

Affected Version(s)

Cisco Secure Endpoint 6.0.9

Cisco Secure Endpoint 6.0.7

Cisco Secure Endpoint 6.1.5

News Articles

securityonline.info

CVE-2024-20328 CVE-2024-20290

ClamAV Bugs Expose Users to Command Injection (CVE-2024-20328) and DoS Attacks (CVE-2024-20290)

ClamAV's developers issued critical patches addressing two vulnerabilities (CVE-2024-20328 & CVE-2024-20290) within the library

References

https://sec.cloudapps.cisco.com/security/center/content/C...

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Nov 7, 2024
📰
First article discovered by securityonline.info
Feb 8, 2024
Vulnerability published
Feb 7, 2024
Vulnerability Reserved
Nov 8, 2023