CVE-2020-3327

HIGH7.5EPSS 14.2%

clamav - security update

Published: 5/13/2020Modified: 3/9/2026

Also known as:ALPINE-CVE-2020-3327DEBIAN-CVE-2020-3327DEBIAN-CVE-2020-3481DLA-2314-1

Description

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Affected packages (4)

Alpine/clamavfrom 0, < 0.102.3-r0
Debian/clamavfrom 0, < 0.102.4+dfsg-1
Debian/clamavfrom 0, < 0.101.5+dfsg-0+deb8u2
Debian/clamavfrom 0, < 0.102.4+dfsg-0+deb9u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2020-3327
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-3327