7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.1%
Issue Overview:
Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue. (CVE-2020-3327)
Fixed a vulnerability a malicious user could exploit to replace a scan target directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc. (CVE-2020-3350)
Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions. (CVE-2020-3481)
Affected Packages:
clamav
Issue Correction:
Run yum update clamav to update your system.
New Packages:
i686:
clamav-db-0.102.4-1.44.amzn1.i686
clamav-debuginfo-0.102.4-1.44.amzn1.i686
clamav-update-0.102.4-1.44.amzn1.i686
clamd-0.102.4-1.44.amzn1.i686
clamav-0.102.4-1.44.amzn1.i686
clamav-lib-0.102.4-1.44.amzn1.i686
clamav-devel-0.102.4-1.44.amzn1.i686
clamav-milter-0.102.4-1.44.amzn1.i686
noarch:
clamav-data-0.102.4-1.44.amzn1.noarch
clamav-filesystem-0.102.4-1.44.amzn1.noarch
src:
clamav-0.102.4-1.44.amzn1.src
x86_64:
clamav-devel-0.102.4-1.44.amzn1.x86_64
clamav-milter-0.102.4-1.44.amzn1.x86_64
clamav-debuginfo-0.102.4-1.44.amzn1.x86_64
clamd-0.102.4-1.44.amzn1.x86_64
clamav-0.102.4-1.44.amzn1.x86_64
clamav-lib-0.102.4-1.44.amzn1.x86_64
clamav-update-0.102.4-1.44.amzn1.x86_64
clamav-db-0.102.4-1.44.amzn1.x86_64
Red Hat: CVE-2020-3327, CVE-2020-3350, CVE-2020-3481
Mitre: CVE-2020-3327, CVE-2020-3350, CVE-2020-3481
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | clamav-db | < 0.102.4-1.44.amzn1 | clamav-db-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-debuginfo | < 0.102.4-1.44.amzn1 | clamav-debuginfo-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-update | < 0.102.4-1.44.amzn1 | clamav-update-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamd | < 0.102.4-1.44.amzn1 | clamd-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav | < 0.102.4-1.44.amzn1 | clamav-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-lib | < 0.102.4-1.44.amzn1 | clamav-lib-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-devel | < 0.102.4-1.44.amzn1 | clamav-devel-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-milter | < 0.102.4-1.44.amzn1 | clamav-milter-0.102.4-1.44.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | clamav-data | < 0.102.4-1.44.amzn1 | clamav-data-0.102.4-1.44.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | clamav-filesystem | < 0.102.4-1.44.amzn1 | clamav-filesystem-0.102.4-1.44.amzn1.noarch.rpm |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.1%