CVE-2020-3327

CWE-20Improper Input Validation16 documents7 sources
Severity
7.5HIGH
EPSS
7.6%
top 8.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco ClamavCisco Clam AntivirusCanonical Ubuntu Linux+2 more
Timeline
PublishedMay 13
Latest updateMay 24

Description

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5cisco/clamavunspecified0.102.3
Debianclamav< 0.102.4+dfsg-1+3
Ubuntuclamav< 0.102.3+dfsg-0ubuntu0.16.04.1+7

Also affects: Debian Linux 8.0, 9.0, Fedora 30, 31, 32, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

7
GHSA
GHSA-jgg8-q968-j8hx: A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 02022-05-24
OSV
clamav vulnerabilities2020-07-27
OSV
clamav vulnerabilities2020-07-27
OSV
clamav vulnerabilities2020-05-21
OSV
clamav vulnerabilities2020-05-21

📋Vendor Advisories

5
Ubuntu
ClamAV vulnerabilities2020-07-27
Ubuntu
ClamAV vulnerabilities2020-07-27
Ubuntu
ClamAV vulnerabilities2020-05-21
Ubuntu
ClamAV vulnerabilities2020-05-21
Debian
CVE-2020-3327: clamav - A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Sof...2020

💬Community

3
Bugzilla
CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file2020-05-19
Bugzilla
CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file [fedora-all]2020-05-19
Bugzilla
CVE-2020-3327 clamav: heap-based buffer overflow via a crafted ARJ file [epel-all]2020-05-19
CVE-2020-3327 (HIGH CVSS 7.5) | A vulnerability in the ARJ archive | cvebase.io