CVE-2024-20380

2024-04-1820:15:17

Debian Security Bug Tracker

security-tracker.debian.org

clamav

html parser

vulnerability

denial of service

unauthenticated

remote attacker

crafted file

scanning process

c to rust

issue

exploit

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.0%

JSON

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

OSVersionArchitecturePackageVersionFilename
Debian12allclamav< 1.0.5+dfsg-1~deb12u1clamav_1.0.5+dfsg-1~deb12u1_all.deb
Debian11allclamav< 0.103.10+dfsg-0+deb11u1clamav_0.103.10+dfsg-0+deb11u1_all.deb
Debian999allclamav< 1.3.1+dfsg-5clamav_1.3.1+dfsg-5_all.deb
Debian13allclamav< 1.3.1+dfsg-5clamav_1.3.1+dfsg-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	clamav	< 1.0.5+dfsg-1~deb12u1	clamav_1.0.5+dfsg-1~deb12u1_all.deb
Debian	11	all	clamav	< 0.103.10+dfsg-0+deb11u1	clamav_0.103.10+dfsg-0+deb11u1_all.deb
Debian	999	all	clamav	< 1.3.1+dfsg-5	clamav_1.3.1+dfsg-5_all.deb
Debian	13	all	clamav	< 1.3.1+dfsg-5	clamav_1.3.1+dfsg-5_all.deb