{"id":"CVE-2020-3123","details":"A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.","modified":"2026-05-15T12:04:14.176883220Z","published":"2020-02-05T18:15:11.203Z","related":["SUSE-SU-2020:3729-1","SUSE-SU-2020:3790-1","SUSE-SU-2020:3918-1","SUSE-SU-2021:14592-1","openSUSE-SU-2020:2268-1","openSUSE-SU-2020:2276-1","openSUSE-SU-2024:10685-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"12.04"},{"last_affected":"14.04"},{"last_affected":"16.04"},{"last_affected":"18.04"},{"last_affected":"19.10"}],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux"}]},"references":[{"type":"ADVISORY","url":"https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html"},{"type":"ADVISORY","url":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-46"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4280-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4280-2/"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}