Skip to content

Instantly share code, notes, and snippets.

View CVE-2020-26893.txt
> [Suggested description]
> An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor
> could use a properly signed copy of ClamXAV 2 (running with an
> injected malicious dylib) to communicate with ClamXAV 3's helper tool
> and perform privileged operations. This occurs because of inadequate
> client verification in the helper tool.
> ------------------------------------------
> [VulnerabilityType Other]