CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
35.9%
It was discovered that ClamAV incorrectly handled parsing certain OLE2
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2024-20290)
Amit Schendel discovered that the ClamAV ClamD service incorrectly handled
the VirusEvent feature. An attacker able to connect to ClamD could possibly
use this issue to execute arbitrary code. (CVE-2024-20328)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | clamav | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-base | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-daemon | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-daemon-dbgsym | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-dbgsym | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-docs | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-freshclam | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-freshclam-dbgsym | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-milter | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |
Ubuntu | 23.10 | noarch | clamav-milter-dbgsym | < 1.0.5+dfsg-0ubuntu0.23.10.1 | UNKNOWN |