Fluid Attacks Database

Description

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.11	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.100.1-r0 \|\| =0.100.1-r1 \|\| =0.100.2-r0 \|\| =0.100.3-r0 \|\| =0.101.4-r0 \|\| =0.101.4-r1 \|\| =0.102.0-r0 \|\| =0.102.1-r0 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.102.3-r0	0.102.3-r0
debian 12	clamav	>=0 <0.102.4+dfsg-1	0.102.4+dfsg-1
debian 13	clamav	>=0 <0.102.4+dfsg-1	0.102.4+dfsg-1
alpine v3.12	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.100.1-r0 \|\| =0.100.1-r1 \|\| =0.100.2-r0 \|\| =0.100.3-r0 \|\| =0.101.4-r0 \|\| =0.101.4-r1 \|\| =0.102.0-r0 \|\| =0.102.1-r0 \|\| =0.102.2-r0 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.102.3-r0	0.102.3-r0
alpine v3.13	clamav	=0.100.0-r0 \|\| =0.100.0-r1 \|\| =0.100.0-r2 \|\| =0.100.1-r0 \|\| =0.100.1-r1 \|\| =0.100.2-r0 \|\| =0.100.3-r0 \|\| =0.101.4-r0 \|\| =0.101.4-r1 \|\| =0.102.0-r0 \|\| =0.102.1-r0 \|\| =0.102.2-r0 \|\| =0.94.2-r0 \|\| =0.94.2-r1 \|\| =0.94.2-r2 \|\| =0.95.1-r0 \|\| =0.95.1-r1 \|\| =0.95.2-r0 \|\| =0.95.2-r1 \|\| =0.95.3-r0 \|\| =0.95.3-r1 \|\| =0.96-r0 \|\| =0.96.1-r0 \|\| =0.96.2-r0 \|\| =0.96.3-r0 \|\| =0.96.4-r0 \|\| =0.96.5-r0 \|\| =0.97-r0 \|\| =0.97-r1 \|\| =0.97-r2 \|\| =0.97-r3 \|\| =0.97-r4 \|\| =0.97.1-r0 \|\| =0.97.2-r0 \|\| =0.97.3-r0 \|\| =0.97.3-r1 \|\| =0.97.3-r2 \|\| =0.97.3-r3 \|\| =0.97.4-r0 \|\| =0.97.4-r1 \|\| =0.97.4-r2 \|\| =0.97.5-r0 \|\| =0.97.6-r0 \|\| =0.97.6-r1 \|\| =0.97.7-r0 \|\| =0.97.8-r0 \|\| =0.97.8-r1 \|\| =0.97.8-r2 \|\| =0.98-r0 \|\| =0.98-r1 \|\| =0.98.1-r0 \|\| =0.98.1-r1 \|\| =0.98.1-r2 \|\| =0.98.3-r0 \|\| =0.98.4-r0 \|\| =0.98.4-r1 \|\| =0.98.5-r0 \|\| =0.98.6-r0 \|\| =0.98.6-r1 \|\| =0.98.6-r2 \|\| =0.98.7-r0 \|\| =0.98.7-r1 \|\| =0.98.7-r2 \|\| =0.99-r0 \|\| =0.99-r1 \|\| =0.99-r2 \|\| =0.99-r3 \|\| =0.99.1-r0 \|\| =0.99.1-r1 \|\| =0.99.1-r2 \|\| =0.99.2-r0 \|\| =0.99.2-r1 \|\| =0.99.2-r2 \|\| =0.99.2-r3 \|\| =0.99.2-r4 \|\| =0.99.2-r5 \|\| =0.99.2-r6 \|\| =0.99.3-r1 \|\| =0.99.3-r2 \|\| =0.99.3-r3 \|\| =0.99.4-r0 \|\| =0.99.4-r1 \|\| >=0 <0.102.3-r0	0.102.3-r0
debian 11	clamav	>=0 <0.102.4+dfsg-1	0.102.4+dfsg-1
debian 14	clamav	>=0 <0.102.4+dfsg-1	0.102.4+dfsg-1

Aliases

1. CVE-2020-33272. NVD-2020-33273. OSV-ALPINE-2020-33274. OSV-2020-33275. OSV-DEBIAN-2020-33276. SECURITY-CVE-2020-33277. SECURITY-TRACKER-CVE-2020-3327

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.