CVE-2024-20380

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions ClamAV (affected versions not specified)

Description A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-475

Related Identifiers

BDU:2024-03114

CVE-2024-20380

OPENSUSE-SU-2024:14087-1

OPENSUSE-SU-2025_0327-1

SUSE-SU-2025:0325-1

SUSE-SU-2025:0327-1

SUSE-SU-2025:0328-1

Affected Products

Clamav

Suse

CVE-2024-20380

Weakness Enumeration

Related Identifiers

Affected Products

References · 36