CVE Vulnerabilities

CVE-2024-20380

Undefined Behavior for Input to API

Published: Apr 18, 2024 | Modified: Jul 23, 2025
CVSS 3.x: N/A (Source: NVD)
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

Weakness

The behavior of this function is undefined unless its control parameter is set to a specific value.

Affected Software

Name | Vendor | Start Version | End Version
Clamav | Clamav | 1.3.0 (including) | 1.3.0 (including)
Clamav | Clamav | 1.3.0-rc (including) | 1.3.0-rc (including)
Clamav | Clamav | 1.3.0-rc2 (including) | 1.3.0-rc2 (including)