PT-2020-17250 · Cisco+4 · Clamav+4

Published

2020-07-20

Updated

2026-02-06

CVE-2020-3481

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Clam AntiVirus (ClamAV) versions 0.102.0 through 0.102.3

Description A vulnerability in the EGG archive parsing module could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is due to a null pointer dereference. An attacker could exploit this by sending a crafted EGG file to an affected device, potentially causing the ClamAV scanning process to crash.

Recommendations For versions 0.102.0 through 0.102.3, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting the processing of EGG files until a patch is available.

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2020-2461

ALT-PU-2020-2469

CLEANSTART-2026-LA13761

CLEANSTART-2026-NJ87139

CLEANSTART-2026-TC95380

CLEANSTART-2026-WX01708

CVE-2020-3481

DLA-2314-1

MGASA-2020-0322

OPENSUSE-SU-2020:2268-1

OPENSUSE-SU-2020:2276-1

OPENSUSE-SU-2020_2268-1

OPENSUSE-SU-2020_2276-1

OPENSUSE-SU-2024:10685-1

SUSE-SU-2020:3729-1

SUSE-SU-2020:3790-1

SUSE-SU-2020:3918-1

SUSE-SU-2021:14592-1

USN-4435-1

USN-4435-2

Affected Products

Alt Linux

Clamav

Linuxmint

Suse

Ubuntu

PT-2020-17250 · Cisco+4 · Clamav+4

CVE-2020-3481

Weakness Enumeration

Related Identifiers

Affected Products

References · 187