Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2024-20380
Date: Apr 18, 2024 - 12:00 a.m.

CVE-2024-20380


CVSS3: 7.5 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

EPSS: 0.0004 Low
Percentile: 9.0%

A vulnerability in the HTML parser of ClamAV could allow an
unauthenticated, remote attacker to cause a denial of service (DoS)
condition on an affected device. The vulnerability is due to an issue in
the C to Rust foreign function interface. An attacker could exploit this
vulnerability by submitting a crafted file containing HTML content to be
scanned by ClamAV on an affected device. An exploit could allow the
attacker to cause the ClamAV scanning process to terminate, resulting in a
DoS condition on the affected software.

Notes

Author: mdeslaur
Note: per upstream “This issue affects version 1.3.0 only and does not affect prior versions.”
