{"id":"CVE-2020-3123","details":"A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.","modified":"2026-04-16T04:38:54.312873943Z","published":"2020-02-05T18:15:11.203Z","related":["SUSE-SU-2020:3729-1","SUSE-SU-2020:3790-1","SUSE-SU-2020:3918-1","SUSE-SU-2021:14592-1","openSUSE-SU-2020:2268-1","openSUSE-SU-2020:2276-1","openSUSE-SU-2024:10685-1"],"references":[{"type":"ADVISORY","url":"https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html"},{"type":"ADVISORY","url":"https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-46"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4280-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4280-2/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"0"},{"last_affected":"8925c55dfc6f34e7667a0afa65fdc2f5a558be3e"},{"introduced":"0"},{"last_affected":"8475a3ca91fcca54849f4e49ec51e33dc6d56696"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.102.0"},{"introduced":"0"},{"last_affected":"0.102.1"}]}}],"versions":["clamav-0.101.0","clamav-0.102.0","clamav-0.102.1","clamav-0.96","clamav-0.96.2","clamav-0.96.3","clamav-0.96.4","clamav-0.96.5","clamav-0.96rc1","clamav-0.96rc2","clamav-0.97","clamav-0.97rc","merge-llvm-97877","r5076"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-3123.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}