Clam AntiVirus 输入验证错误漏洞

CNNVD-ID编号	CNNVD-202005-695
CVE编号	CVE-2020-3327
发布时间	2020-05-12
更新时间	2021-01-07
漏洞类型	输入验证错误
漏洞来源	N/A
危险等级	高危
威胁类型	远程
厂商	N/A

漏洞介绍

Clam AntiVirus是ClamAV团队的一款用于检测木马，病毒，恶意软件和其他恶意威胁的开源杀毒引擎。

Clam AntiVirus 0.102.2版本中的ARJ存档解析模块存在输入验证错误漏洞。远程攻击者可借助特制ARJ文件利用该漏洞导致拒绝服务。

漏洞补丁

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：

https://www.clamav.net/

参考网址

来源:CISCO

链接：https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/
来源:GENTOO

链接：https://security.gentoo.org/glsa/202007-23
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/
来源:UBUNTU

链接：https://usn.ubuntu.com/4370-2/
来源:UBUNTU

链接：https://usn.ubuntu.com/4370-1/
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/
来源:MLIST

链接：https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html
来源:FEDORA

链接：https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/
来源:UBUNTU

链接：https://usn.ubuntu.com/4435-2/
来源:UBUNTU

链接：https://usn.ubuntu.com/4435-1/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157681/Clam-AntiVirus-Toolkit-0.102.3.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.4350/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/157799/Ubuntu-Security-Notice-USN-4370-2.html
来源:www.nsfocus.net

链接：http://www.nsfocus.net/vulndb/48917
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.4412/
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158454/Clam-AntiVirus-Toolkit-0.102.4.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.4540/
来源:vigilance.fr

链接：https://vigilance.fr/vulnerability/ClamAV-three-vulnerabilities-32863
来源:packetstormsecurity.com

链接：https://packetstormsecurity.com/files/158626/Ubuntu-Security-Notice-USN-4435-2.html
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2558/
来源:nvd.nist.gov

链接：https://nvd.nist.gov/vuln/detail/CVE-2020-3327
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.2704/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2021.0056/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1758/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1831/
来源:www.auscert.org.au

链接：https://www.auscert.org.au/bulletins/ESB-2020.1775/

受影响实体

暂无

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202005-695