CVE-2024-20380
Published: 18 April 2024
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Notes
Author | Note |
---|---|
mdeslaur | per upstream "This issue affects version 1.3.0 only and does not affect prior versions." |
Priority
Status
Package | Release | Status |
---|---|---|
clamav Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(1.3.0 only)
|
focal |
Not vulnerable
(1.3.0 only)
|
|
jammy |
Not vulnerable
(1.3.0 only)
|
|
mantic |
Not vulnerable
(1.3.0 only)
|
|
noble |
Not vulnerable
(1.3.0 only)
|
|
trusty |
Not vulnerable
(1.3.0 only)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(1.3.0 only)
|