ID

VAR-202005-0717


CVE

CVE-2020-3327


TITLE

Clam AntiVirus Input verification vulnerabilities in software

Trust: 0.8

sources: JVNDB: JVNDB-2020-005536

DESCRIPTION

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. Clam AntiVirus (ClamAV) The software contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state. Clam AntiVirus is an open source antivirus engine from the ClamAV team for detecting Trojans, viruses, malware and other malicious threats. ========================================================================= Ubuntu Security Notice USN-4435-2 July 27, 2020 clamav vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in ClamAV. Software Description: - clamav: Anti-virus utility for Unix Details: USN-4435-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled parsing ARJ archives. (CVE-2020-3327) It was discovered that ClamAV incorrectly handled scanning malicious files. A local attacker could possibly use this issue to delete arbitrary files. (CVE-2020-3350) It was discovered that ClamAV incorrectly handled parsing EGG archives. (CVE-2020-3481) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.14.04.1+esm1 Ubuntu 12.04 ESM: clamav 0.102.4+dfsg-0ubuntu0.12.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4435-2 https://usn.ubuntu.com/4435-1 CVE-2020-3327, CVE-2020-3350, CVE-2020-3481

Trust: 2.16

sources: NVD: CVE-2020-3327 // JVNDB: JVNDB-2020-005536 // VULHUB: VHN-181452 // VULMON: CVE-2020-3327 // PACKETSTORM: 157796 // PACKETSTORM: 158624 // PACKETSTORM: 158626 // PACKETSTORM: 157799

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:30

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:12.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:ciscomodel:clam antivirusscope:lteversion:0.102.2

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:31

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:20.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.10

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:32

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:clamavmodel:clamavscope:eqversion:0.102.2

Trust: 0.8

vendor:ciscomodel:clam antivirusscope:eqversion:0.102.2

Trust: 0.1

sources: VULMON: CVE-2020-3327 // JVNDB: JVNDB-2020-005536 // NVD: CVE-2020-3327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3327
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3327
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005536
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-695
value: HIGH

Trust: 0.6

VULHUB: VHN-181452
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-3327
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3327
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005536
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181452
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3327
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-005536
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181452 // VULMON: CVE-2020-3327 // JVNDB: JVNDB-2020-005536 // CNNVD: CNNVD-202005-695 // NVD: CVE-2020-3327 // NVD: CVE-2020-3327

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-181452 // JVNDB: JVNDB-2020-005536 // NVD: CVE-2020-3327

THREAT TYPE

remote

Trust: 0.9

sources: PACKETSTORM: 157796 // PACKETSTORM: 158626 // PACKETSTORM: 157799 // CNNVD: CNNVD-202005-695

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202005-695

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005536

PATCH

title:ClamAV 0.102.3 security patch releasedurl:https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

Trust: 0.8

title:Clam AntiVirus Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118727

Trust: 0.6

sources: JVNDB: JVNDB-2020-005536 // CNNVD: CNNVD-202005-695

EXTERNAL IDS

db:NVDid:CVE-2020-3327

Trust: 3.0

db:PACKETSTORMid:157799

Trust: 0.8

db:PACKETSTORMid:158626

Trust: 0.8

db:JVNDBid:JVNDB-2020-005536

Trust: 0.8

db:CNNVDid:CNNVD-202005-695

Trust: 0.7

db:AUSCERTid:ESB-2020.1831

Trust: 0.6

db:AUSCERTid:ESB-2020.1775

Trust: 0.6

db:AUSCERTid:ESB-2020.1758

Trust: 0.6

db:AUSCERTid:ESB-2020.4350

Trust: 0.6

db:AUSCERTid:ESB-2021.0056

Trust: 0.6

db:AUSCERTid:ESB-2020.4540

Trust: 0.6

db:AUSCERTid:ESB-2020.2558

Trust: 0.6

db:AUSCERTid:ESB-2020.4412

Trust: 0.6

db:AUSCERTid:ESB-2020.2704

Trust: 0.6

db:PACKETSTORMid:157681

Trust: 0.6

db:PACKETSTORMid:158454

Trust: 0.6

db:NSFOCUSid:48917

Trust: 0.6

db:PACKETSTORMid:158624

Trust: 0.2

db:PACKETSTORMid:157796

Trust: 0.2

db:VULHUBid:VHN-181452

Trust: 0.1

db:VULMONid:CVE-2020-3327

Trust: 0.1

sources: VULHUB: VHN-181452 // VULMON: CVE-2020-3327 // JVNDB: JVNDB-2020-005536 // PACKETSTORM: 157796 // PACKETSTORM: 158624 // PACKETSTORM: 158626 // PACKETSTORM: 157799 // CNNVD: CNNVD-202005-695 // NVD: CVE-2020-3327

REFERENCES

url:https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3327

Trust: 1.8

url:https://security.gentoo.org/glsa/202007-23

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

Trust: 1.7

url:https://usn.ubuntu.com/4370-1/

Trust: 1.7

url:https://usn.ubuntu.com/4370-2/

Trust: 1.7

url:https://usn.ubuntu.com/4435-1/

Trust: 1.7

url:https://usn.ubuntu.com/4435-2/

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3bmtc7i5lgy4fcizlhpnc4wwc6vnlfer/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/l5ywyt27sbtv4rzsgfhiqui4lqvfasws/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/robjogjot44mvdx7rqeacyhqn4lyw5rk/

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3327

Trust: 0.8

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ij67vh37ncg25picgwfwzhsvg7pbt7mc/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3bmtc7i5lgy4fcizlhpnc4wwc6vnlfer/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/l5ywyt27sbtv4rzsgfhiqui4lqvfasws/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/robjogjot44mvdx7rqeacyhqn4lyw5rk/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qm7exjhdezjlwm2nkh6tcdxobp5nnyin/

Trust: 0.7

url:https://packetstormsecurity.com/files/157681/clam-antivirus-toolkit-0.102.3.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4350/

Trust: 0.6

url:https://packetstormsecurity.com/files/157799/ubuntu-security-notice-usn-4370-2.html

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48917

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4412/

Trust: 0.6

url:https://packetstormsecurity.com/files/158454/clam-antivirus-toolkit-0.102.4.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4540/

Trust: 0.6

url:https://vigilance.fr/vulnerability/clamav-three-vulnerabilities-32863

Trust: 0.6

url:https://packetstormsecurity.com/files/158626/ubuntu-security-notice-usn-4435-2.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2558/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2704/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0056/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1758/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1831/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1775/

Trust: 0.6

url:https://vigilance.fr/vulnerability/clamav-denial-of-service-via-an-arj-archive-32251

Trust: 0.6

url:https://usn.ubuntu.com/4370-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-3341

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-3481

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-3350

Trust: 0.2

url:https://usn.ubuntu.com/4435-1

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181942

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.19.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.16.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.3+dfsg-0ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.102.4+dfsg-0ubuntu0.16.04.1

Trust: 0.1

url:https://usn.ubuntu.com/4435-2

Trust: 0.1

url:https://usn.ubuntu.com/4370-2

Trust: 0.1

sources: VULHUB: VHN-181452 // VULMON: CVE-2020-3327 // JVNDB: JVNDB-2020-005536 // PACKETSTORM: 157796 // PACKETSTORM: 158624 // PACKETSTORM: 158626 // PACKETSTORM: 157799 // CNNVD: CNNVD-202005-695 // NVD: CVE-2020-3327

CREDITS

Ubuntu

Trust: 1.0

sources: PACKETSTORM: 157796 // PACKETSTORM: 158624 // PACKETSTORM: 158626 // PACKETSTORM: 157799 // CNNVD: CNNVD-202005-695

SOURCES

db:VULHUBid:VHN-181452
db:VULMONid:CVE-2020-3327
db:JVNDBid:JVNDB-2020-005536
db:PACKETSTORMid:157796
db:PACKETSTORMid:158624
db:PACKETSTORMid:158626
db:PACKETSTORMid:157799
db:CNNVDid:CNNVD-202005-695
db:NVDid:CVE-2020-3327

LAST UPDATE DATE

2024-11-23T21:19:35.822000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-181452date:2021-09-22T00:00:00
db:VULMONid:CVE-2020-3327date:2020-08-06T00:00:00
db:JVNDBid:JVNDB-2020-005536date:2020-06-17T00:00:00
db:CNNVDid:CNNVD-202005-695date:2021-01-07T00:00:00
db:NVDid:CVE-2020-3327date:2024-11-21T05:30:48.643

SOURCES RELEASE DATE

db:VULHUBid:VHN-181452date:2020-05-13T00:00:00
db:VULMONid:CVE-2020-3327date:2020-05-13T00:00:00
db:JVNDBid:JVNDB-2020-005536date:2020-06-17T00:00:00
db:PACKETSTORMid:157796date:2020-05-21T19:33:33
db:PACKETSTORMid:158624date:2020-07-27T18:46:40
db:PACKETSTORMid:158626date:2020-07-27T18:46:49
db:PACKETSTORMid:157799date:2020-05-21T23:56:22
db:CNNVDid:CNNVD-202005-695date:2020-05-12T00:00:00
db:NVDid:CVE-2020-3327date:2020-05-13T03:15:11.140