Protect Your Devices: ClamAV Vulnerability Allows Remote Denial of Service Attacks

CVE: CVE-2024-20290
CVSS v3.1: 7.5
Source: CVE-2024-20290

ClamAV is open-source antivirus software widely used to detect malware on devices. Researchers discovered a vulnerability in how ClamAV parses the OLE2 file format that could allow remote attackers to cause a denial of service (DoS).

The vulnerability lies in ClamAV’s failure to properly check for end-of-string values when scanning files that contain OLE2 content, such as documents. An attacker can craft a malicious file with special OLE2 content that, when scanned by ClamAV, results in a buffer overflow. This overflow causes the ClamAV scanning process to crash, denying service to legitimate users.

By submitting the crafted file to ClamAV servers or tricking users into opening the file, attackers can remotely trigger the crash from anywhere in the world. Crashing the antivirus would consume system resources and could make the targeted devices unstable or unusable.

To protect yourself, make sure you keep your ClamAV software updated to the latest version, which contains a patch for this vulnerability. Also be wary of opening unexpected files or attachments from unknown senders. Following basic cybersecurity practices like these will help prevent denial of service attacks targeting your devices through software vulnerabilities.
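One way to check whether a host is running an outdated ClamAV build, as an added example that is not from the original page or the ClamAV project. The function names are hypothetical, and the minimum fixed version is not stated on this page, so it must be supplied from the vendor advisory for the release line in use.

```shell
#!/bin/sh
# Added example: compare a ClamAV version banner with a minimum fixed release.
# Assumption: the banner looks like "ClamAV X.Y.Z/<db>/<date>", as printed by
# `clamscan --version`. Suffixes such as "-rc1" are ignored.

# Print the dotted version found in a banner; return 1 if none is found.
clamav_version_from_banner() {
    v=$(printf '%s\n' "$1" |
        sed -n 's/^ClamAV \([0-9][0-9]*\(\.[0-9][0-9]*\)\{0,2\}\).*/\1/p')
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# Return 0 if version $1 is strictly older than $2 (numeric, field by field).
version_lt() {
    a="$1." b="$2." i=0
    while [ "$i" -lt 3 ]; do
        x=${a%%.*}; y=${b%%.*}
        a=${a#*.}; b=${b#*.}
        x=${x:-0}; y=${y:-0}      # a missing field counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1                      # equal versions are not "older"
}

# Print "ok <ver>", "outdated <ver>" or "unknown" for a banner ($1) and the
# minimum fixed version ($2). Exit status: 0 ok, 1 outdated, 2 unknown.
clamav_status() {
    ver=$(clamav_version_from_banner "$1") || { echo "unknown"; return 2; }
    if version_lt "$ver" "$2"; then
        echo "outdated $ver"
        return 1
    fi
    echo "ok $ver"
}

# Live use: clamav_status "$(clamscan --version)" "$MIN_FIXED"
# Demo on a constructed banner; these version numbers are made up.
clamav_status "ClamAV 9.8.7/12345/Mon Jan  1 00:00:00 2024" "9.8.8" || true
```

Each release line has its own fixed version, so pass the minimum that matches the branch installed on the host.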
