CVE-2020-26893

An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.
References
Configurations

Configuration 1

cpe:2.3:a:clamxav:clamxav:*:*:*:*:*:*:*:*

Information

Published : 2020-10-16 01:15

Updated : 2020-10-21 01:59


NVD link : CVE-2020-26893

Mitre link : CVE-2020-26893

Products Affected
No products.
CWE