Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.
Created clamav tracking bugs for this issue:

Affects: epel-all [bug 1858266]
Affects: fedora-all [bug 1858265]
External References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
https://nvd.nist.gov/vuln/detail/CVE-2020-3481#
https://github.com/Cisco-Talos/clamav-devel/commit/8bb3716be9c7ab7c6a3a1889267b1072f48af87b
Mitigation: There is no mitigation for this issue; the flaw can only be resolved by applying updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-3481