Vulnerability CVE-2020-3481: Information
Description
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| clamav | sisyphus | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2461-1 | 255491 | Fixed |
| clamav | p10 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2461-1 | 255491 | Fixed |
| clamav | p9 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2469-1 | 255486 | Fixed |
| clamav | p8 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2478-1 | 255498 | Fixed |
| clamav | c10f1 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2461-1 | 255491 | Fixed |
| clamav | c9f2 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2469-1 | 255486 | Fixed |
| clamav | p11 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2461-1 | 255491 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| ClamAV 0.102.4 security patch released |
|
| GLSA-202007-23 |
|
| USN-4435-1 |
|
| USN-4435-2 |
|
| [debian-lts-announce] 20200806 [SECURITY] [DLA 2314-1] clamav security update |
|
| FEDORA-2020-dd0c20d985 | |
| FEDORA-2020-6584a641ae |