Vulnerability Description
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clamav | Clamav | >= 0.102.0, <= 0.102.3 |
| Canonical | Ubuntu Linux | 12.04 |
| Debian | Debian Linux | 9.0 |
| Fedoraproject | Fedora | 31 |
Related Weaknesses (CWE)
References
- https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.htmlVendor Advisory
- https://lists.debian.org/debian-lts-announce/2020/08/msg00010.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202007-23Third Party Advisory
- https://usn.ubuntu.com/4435-1/Third Party Advisory
- https://usn.ubuntu.com/4435-2/Third Party Advisory
- https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.htmlVendor Advisory
- https://lists.debian.org/debian-lts-announce/2020/08/msg00010.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202007-23Third Party Advisory
- https://usn.ubuntu.com/4435-1/Third Party Advisory
- https://usn.ubuntu.com/4435-2/Third Party Advisory
FAQ
What is CVE-2020-3481?
CVE-2020-3481 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition ...
How severe is CVE-2020-3481?
CVE-2020-3481 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3481?
Check the references section above for vendor advisories and patch information. Affected products include: Clamav Clamav, Canonical Ubuntu Linux, Debian Debian Linux, Fedoraproject Fedora.