CVE-2024-20290: 
Clam AntiVirus vulnerability analysis and mitigation

A vulnerability (CVE-2024-20290) was discovered in the OLE2 file format parser of ClamAV that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability affects ClamAV versions 1.0.0 through 1.2.1 and was disclosed on February 7, 2024 (Cisco Advisory).

The vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. It has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is classified as CWE-125 (Out-of-bounds Read) and CWE-126 (Buffer Over-read) (Cisco Advisory).

A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. This vulnerability particularly affects Windows-based platforms where the ClamAV scanning process runs as a service that could enter a loop condition, consuming available CPU resources and delaying or preventing further scanning operations (Cisco Advisory).

Cisco has released software updates that address this vulnerability in ClamAV version 1.2.2 and 1.0.5. For Cisco Secure Endpoint Connector for Windows, the fixed versions are 7.5.17 and 8.2.3.30119. For Cisco Secure Endpoint Private Cloud, version 3.8.0 with updated connectors addresses the vulnerability. There are no workarounds available for this vulnerability (Cisco Advisory).