CVE-2024-20380 — Vulnetix

CVE-2024-20380 PUBLISHED

Es besteht eine Schwachstelle in ClamAV. Dieser Fehler besteht im HTML-Dateiparser aufgrund einer unsachgemäßen Eingabeneutralisierung. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen.

EPSS 0.50% · 66.4th percentile

Risk Scores

EPSS Score

0.50%

66.4th percentile

Affected Products

Vendor	Product	Versions
SUSE	SUSE Linux
Open Source	Open Source ClamAV 1.3.0

Exploit Intelligence

https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html (circl)

Timeline

Apr 17, 2024 CVE Published
Apr 19, 2024 EPSS Score
May 14, 2024 EPSS Score
Jul 3, 2024 EPSS Score
Jul 28, 2024 EPSS Score
Aug 22, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 11, 2024 EPSS Score
Nov 4, 2024 EPSS Score
Nov 29, 2024 EPSS Score
Jan 19, 2025 EPSS Score
Feb 3, 2025 CVE Updated

References

https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0921.json advisory
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0921 advisory
http://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html advisory
https://github.com/Cisco-Talos/clamav/pull/1242 advisory
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020257.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020256.html advisory
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020258.html advisory

Open in Interactive Console →