A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-02-05T17:30:20.755023Z
Updated: 2024-09-16T22:30:15.432Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3123
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-02-05T18:15:11.203
Modified: 2022-01-01T19:56:23.730
Link: CVE-2020-3123
Redhat
No data.