CVE-2024-20380
Published: 18 April 2024
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Notes
| Author | Note |
|---|---|
| mdeslaur | per upstream "This issue affects version 1.3.0 only and does not affect prior versions." |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
clamav Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(1.3.0 only)
|
| focal |
Not vulnerable
(1.3.0 only)
|
|
| jammy |
Not vulnerable
(1.3.0 only)
|
|
| mantic |
Not vulnerable
(1.3.0 only)
|
|
| noble |
Not vulnerable
(1.3.0 only)
|
|
| trusty |
Not vulnerable
(1.3.0 only)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(1.3.0 only)
|