How severe is CVE-2024-20290?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-20290?

This is classified as CWE-126, which is a common weakness in software security.

CVE-2024-20290 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

Related Vulnerabilities

CVE-2017-7668

HIGH

CVSS:7.5(High)

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously ...

CWE-1262017

CVE-2018-8789

HIGH

CVSS:7.5(High)

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8791

HIGH

CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

CWE-1262018

CVE-2018-8792

HIGH

CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8796

HIGH

CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8798

HIGH

CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.

CWE-1262018