symlink

ClamAV’s core daemon contains a deceptively simple bug that, when chained with local access and the ability to restart services, can let an attacker overwrite critical system files by abusing log handling — a privilege-handling flaw tracked as CVE-2024-20506 that was patched by the ClamAV...