PT-2020-17244 · Cisco+4 · Clamav+4

Daehui Chang

+1

·

Published

2020-05-12

·

Updated

2026-02-06

·

CVE-2020-3327

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Clam AntiVirus (ClamAV) version 0.102.2
Description A vulnerability in the ARJ archive parsing module could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is due to a heap buffer overflow read. An attacker could exploit this by sending a crafted ARJ file to an affected device, potentially causing the ClamAV scanning process to crash.
Recommendations For version 0.102.2, consider updating to a newer version that addresses the heap buffer overflow read issue in the ARJ archive parsing module to prevent denial of service conditions. As a temporary workaround, consider restricting the processing of ARJ files until a patch is available.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2020-2018
ALT-PU-2020-2028
ALT-PU-2020-2461
ALT-PU-2020-2469
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2020-3327
DLA-2215-1
DLA-2314-1
MGASA-2020-0226
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2020:3729-1
SUSE-SU-2020:3790-1
SUSE-SU-2020:3918-1
SUSE-SU-2021:14592-1
USN-4370-1
USN-4370-2
USN-4435-1
USN-4435-2

Affected Products

Alt Linux
Clamav
Linuxmint
Suse
Ubuntu