Уязвимость CVE-2020-3481: Информация
Описание
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
clamav | sisyphus | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2461-1 | 255491 | Исправлено |
clamav | p10 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2461-1 | 255491 | Исправлено |
clamav | p9 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2469-1 | 255486 | Исправлено |
clamav | p8 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2478-1 | 255498 | Исправлено |
clamav | c10f1 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2461-1 | 255491 | Исправлено |
clamav | c9f2 | 0.102.4-alt1 | 0.103.8-alt1 | ALT-PU-2020-2469-1 | 255486 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
ClamAV 0.102.4 security patch released |
|
GLSA-202007-23 |
|
USN-4435-1 |
|
USN-4435-2 |
|
[debian-lts-announce] 20200806 [SECURITY] [DLA 2314-1] clamav security update |
|
FEDORA-2020-dd0c20d985 | |
FEDORA-2020-6584a641ae |