[Pkg-clamav-devel] Bug#950944: clamav: Vulnerability in the Data-Loss-Prevention (DLP) module
Scott Kitterman
debian at kitterman.com
Sat Feb 8 16:07:12 GMT 2020
Package: clamav
Version: 0.102.1+dfsg-0+deb10u2
Severity: important
Tags: upstream
CVE-2020-3123
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus
(ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated,
remote attacker to cause a denial of service condition on an affected device.
The vulnerability is due to an out-of-bounds read affecting users that have
enabled the optional DLP feature. An attacker could exploit this vulnerability
by sending a crafted email file to an affected device. An exploit could allow
the attacker to cause the ClamAV scanning process crash, resulting in a denial
of service condition.
Fixed in 0.102.2.
More information about the Pkg-clamav-devel
mailing list