CVSS 3.1 Score 7.5 of 10 (high)


Published Feb 7, 2024
Updated: Feb 15, 2024
CWE ID 125
CWE ID 126


CVE-2024-20290 is a vulnerability in the OLE2 file format parser of ClamAV that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability arises from an incorrect check for end-of-string values during scanning, potentially leading to a heap buffer over-read. To exploit this vulnerability, the attacker would need to submit a crafted file containing OLE2 content for scanning by ClamAV on the targeted device. A successful exploitation could result in the termination of the ClamAV scanning process, causing a DoS condition and consuming system resources. The affected products include several versions of ClamAV. An organization can remediate this vulnerability by applying the necessary security patches or updates provided by ClamAV. The potential danger posed to organizations is the disruption of services and resource exhaustion caused by the DoS attack, potentially leading to downtime and loss of productivity.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-20290 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options