{
  "schema_version": "1.4.0",
  "id": "GHSA-x7cm-49hv-4xfc",
  "modified": "2022-05-24T17:08:03Z",
  "published": "2022-05-24T17:08:03Z",
  "aliases": [
    "CVE-2020-3123"
  ],
  "details": "A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3123"
    },
    {
      "type": "WEB",
      "url": "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html"
    },
    {
      "type": "WEB",
      "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202003-46"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4280-1"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4280-2"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-02-05T18:15:00Z"
  }
}