cve/2024/CVE-2024-20290.md

### [CVE-2024-20290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20290)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Secure%20Endpoint%20Private%20Cloud%20Administration%20Portal&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Secure%20Endpoint%20Private%20Cloud%20Console&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Cisco%20Secure%20Endpoint&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%206.0.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Buffer%20Over-read&color=brighgreen)

### Description

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

 This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.

 For a description of this vulnerability, see the ClamAV blog .

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds