Date: Fri, 19 Apr 2024 20:46:00 GMT From: Yasuhiro Kimura <yasu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 9addc7583072 - main - security/vuxml: Document possible DoS attack valnerability in ClamAV Message-ID: <202404192046.43JKk0AM005866@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=9addc75830725210c3828065845c29d3ab8c4c80 commit 9addc75830725210c3828065845c29d3ab8c4c80 Author: Yasuhiro Kimura <yasu@FreeBSD.org> AuthorDate: 2024-04-19 20:44:22 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2024-04-19 20:44:22 +0000 security/vuxml: Document possible DoS attack valnerability in ClamAV --- security/vuxml/vuln/2024.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index d871348915a6..97b5ac824f2b 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,40 @@ + <vuln vid="ecafc4af-fe8a-11ee-890c-08002784c58d"> + <topic>clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition</topic> + <affects> + <package> + <name>clamav</name> + <range><ge>1.3.0,1</ge><lt>1.3.1,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Błażej Pawłowski reports:</p> + <blockquote cite="https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html">; + <p> + A vulnerability in the HTML parser of ClamAV could allow + an unauthenticated, remote attacker to cause a denial of + service (DoS) condition on an affected device. The + vulnerability is due to an issue in the C to Rust foreign + function interface. An attacker could exploit this + vulnerability by submitting a crafted file containing HTML + content to be scanned by ClamAV on an affected device. An + exploit could allow the attacker to cause the ClamAV + scanning process to terminate, resulting in a DoS + condition on the affected software. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-20380</cvename> + <url>https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html</url>; + </references> + <dates> + <discovery>2024-04-17</discovery> + <entry>2024-04-19</entry> + </dates> + </vuln> + <vuln vid="4ebdd56b-fe72-11ee-bc57-00e081b7aa2d"> <topic>jenkins -- Terrapin SSH vulnerability in Jenkins CLI client</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202404192046.43JKk0AM005866>