ClamAV OLE2 Parser Heap Buffer OverRead DoS
CVE-2024-20290 Published on February 7, 2024
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog.
Vulnerability Analysis
CVE-2024-20290 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Buffer Over-read
The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer, or when pointer arithmetic results in a position outside of the valid memory location, to name a few causes. This may result in exposure of sensitive information or possibly a crash.
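The end-of-string weakness described above, shown as an added example that is not ClamAV's code: an unbounded terminator search beside a bounded one that treats a missing terminator as a parse error. The function names and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern (illustrative): assumes a 0 byte exists somewhere after
 * buf + off. On input with no terminator, the loop keeps reading past
 * the end of the heap allocation. */
size_t name_len_unchecked(const uint8_t *buf, size_t off)
{
    size_t n = 0;
    while (buf[off + n] != 0)
        n++;
    return n;
}

/* Hardened form: the terminator search is bounded by the bytes that
 * remain in the buffer, and a missing terminator is a parse error.
 * Returns the string length, or -1 if the input is malformed. */
long name_len_checked(const uint8_t *buf, size_t buf_len, size_t off)
{
    if (buf == NULL || off >= buf_len)
        return -1;                      /* offset outside the buffer */
    const uint8_t *start = buf + off;
    const uint8_t *end = memchr(start, 0, buf_len - off);
    if (end == NULL)
        return -1;                      /* no end-of-string inside the buffer */
    return (long)(end - start);
}

int main(void)
{
    /* Constructed sample data, not taken from a real OLE2 file. */
    static const uint8_t ok[]  = { 'R', 'o', 'o', 't', 0, 'x' };
    static const uint8_t bad[] = { 'R', 'o', 'o', 't' };  /* no terminator */

    printf("terminated:   %ld\n", name_len_checked(ok, sizeof ok, 0));
    printf("unterminated: %ld\n", name_len_checked(bad, sizeof bad, 0));
    printf("bad offset:   %ld\n", name_len_checked(ok, sizeof ok, 6));
    return 0;
}
```

Building a parser like this with AddressSanitizer (`-fsanitize=address`) and running it over malformed samples turns an over-read of this kind into an immediate, reportable failure during testing.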
Products Associated with CVE-2024-20290
Affected Versions
Cisco Secure Endpoint:
- Version 6.0.9 is affected.
- Version 6.0.7 is affected.
- Version 6.1.5 is affected.
- Version 6.1.7 is affected.
- Version 6.1.9 is affected.
- Version 6.2.1 is affected.
- Version 6.2.5 is affected.
- Version 6.2.19 is affected.
- Version 6.2.3 is affected.
- Version 6.2.9 is affected.
- Version 6.3.5 is affected.
- Version 6.3.1 is affected.
- Version 6.3.7 is affected.
- Version 6.3.3 is affected.
- Version 7.0.5 is affected.
- Version 7.1.1 is affected.
- Version 7.1.5 is affected.
- Version 7.2.13 is affected.
- Version 7.2.7 is affected.
- Version 7.2.3 is affected.
- Version 7.2.11 is affected.
- Version 7.2.5 is affected.
- Version 7.3.1 is affected.
- Version 7.3.9 is affected.
- Version 7.3.3 is affected.
- Version 7.3.5 is affected.
- Version 8.1.7 is affected.
- Version 8.1.5 is affected.
- Version 8.1.3.21242 is affected.
- Version 8.1.7.21512 is affected.
- Version 8.1.3 is affected.
- Version 8.1.5.21322 is affected.
- Version 8.1.7.21417 is affected.
- Version N/A is affected.
- Version N/A is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.