How severe is CVE-2024-20506?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2024-20506?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2024-20506 - MEDIUM Severity | CVSS 6.1

Vulnerability Description

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.

Related Vulnerabilities

CVE-2019-5673

MEDIUM

CVSS:6.1(Medium)

NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing tra...

CWE-7542019

CVE-2024-42224

MEDIUM

CVSS:6.1(Medium)

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv...

CWE-7542024

CVE-2019-11139

MEDIUM

CVSS:6.0(Medium)

Improper conditions check in the voltage modulation interface for some Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access.

CWE-7542019

CVE-2020-7453

MEDIUM

CVSS:6.0(Medium)

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set config...

CWE-7542020

CVE-2025-3359

MEDIUM

CVSS:6.2(Medium)

A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment.

CWE-7542025

CVE-2018-7287

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).

CWE-7542018