Clam AntiVirus (ClamAV) Software versions 0.102.0 – 0.102.3 NULL Pointer Dereference Vulnerability

Summary

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 – 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. 

 

Credit:

The information has been provided by Emilio Pozuelo Monfort

The original article can be found at:https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html


Details

The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

 

Vulnerable Systems:

Clam AntiVirus (ClamAV) Software versions 0.102.0 – 0.102.3

 

CVE Information:

CVE-2020-3481

 

Disclosure Timeline:
Published Date:7/20/2020

Categories: FeaturedNews