ByteOS Network

CVE Vulnerability Details :

CVE-2020-3123

PUBLISHED

More Info Official Page

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-05 Feb, 2020 | 17:30

Updated At-15 Nov, 2024 | 17:43

▼CVE Numbering Authority (CNA)

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Affected Products

Vendor

Cisco Systems, Inc.

Product

ClamAV

Versions

Affected

0.102.1

Problem Types

Type	CWE ID	Description
CWE	CWE-125	CWE-125 Out-of-bounds Read

Type: CWE

CWE ID: CWE-125

Description: CWE-125 Out-of-bounds Read

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Hyperlink	Resource
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062	vendor-advisory x_refsource_CISCO
https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html	x_refsource_CONFIRM
https://usn.ubuntu.com/4280-1/	vendor-advisory x_refsource_UBUNTU
https://usn.ubuntu.com/4280-2/	vendor-advisory x_refsource_UBUNTU
https://security.gentoo.org/glsa/202003-46	vendor-advisory x_refsource_GENTOO

Hyperlink: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062

Resource:

vendor-advisory

x_refsource_CISCO

Hyperlink: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html

Resource:

x_refsource_CONFIRM

Hyperlink: https://usn.ubuntu.com/4280-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://usn.ubuntu.com/4280-2/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://security.gentoo.org/glsa/202003-46

Resource:

vendor-advisory

x_refsource_GENTOO

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062	vendor-advisory x_refsource_CISCO x_transferred
https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html	x_refsource_CONFIRM x_transferred
https://usn.ubuntu.com/4280-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://usn.ubuntu.com/4280-2/	vendor-advisory x_refsource_UBUNTU x_transferred
https://security.gentoo.org/glsa/202003-46	vendor-advisory x_refsource_GENTOO x_transferred

Hyperlink: https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062

Resource:

vendor-advisory

x_refsource_CISCO

x_transferred

Hyperlink: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://usn.ubuntu.com/4280-1/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://usn.ubuntu.com/4280-2/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://security.gentoo.org/glsa/202003-46

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

2. CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References