CVE-2024-20380 Information

Description

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate resulting in a DoS condition on the affected software.

Reference

https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html