A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in a NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html
https://security.gentoo.org/glsa/202104-07
Created clamav tracking bugs for this issue:

Affects: epel-all [bug 1961574]
Affects: fedora-all [bug 1961573]
(In reply to Marian Rehak from comment #0)
> A vulnerability in the email parsing module in Clam AntiVirus (ClamAV)
> Software version 0.103.1 and all prior versions could allow an
> unauthenticated, remote attacker to cause a denial of service condition on
> an affected device. The vulnerability is due to improper variable
> initialization that may result in a NULL pointer read. An attacker could
> exploit this vulnerability by sending a crafted email to an affected device.
> An exploit could allow the attacker to cause the ClamAV scanning process
> to crash, resulting in a denial of service condition.
>
> https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

[1] https://src.fedoraproject.org/rpms/clamav

All branches are already updated:

Branch          Stable version / Version in testing
Fedora 35       clamav-0.103.2-1.fc35
Fedora 34       clamav-0.103.2-1.fc34
Fedora 33       clamav-0.103.2-1.fc33
Fedora 32       clamav-0.103.2-1.fc32
Fedora EPEL 8   clamav-0.103.2-1.el8
Fedora EPEL 7   clamav-0.103.2-1.el7
Fedora ELN      clamav-0.103.2-1.eln110
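The fix for this issue ships in clamav 0.103.2, and the comment above lists the 0.103.2-1 builds for each Fedora and EPEL branch. A practitioner auditing hosts wants a quick way to turn `rpm -q clamav` output into a fixed/vulnerable verdict. The script below is an added example written for this page; it is not ClamAV's or Fedora's own tooling. It assumes the usual NEVRA layout (`name-[epoch:]version-release.dist.arch`) and compares the upstream version field numerically, field by field, against 0.103.2. The package strings used in the usage comment are constructed samples.

```shell
#!/bin/sh
# Added example (not part of the bug report or of ClamAV/Fedora tooling):
# report whether an installed clamav package already carries the 0.103.2 fix
# for the email-parser NULL pointer read described above.

# Upstream release that contains the fix (from the ClamAV 0.103.2 advisory).
FIXED_VERSION="0.103.2"

# clamav_version NEVRA -> prints the upstream version field.
#   clamav-0.103.2-1.fc34.x86_64      -> 0.103.2
#   clamav-lib-1:0.103.1-2.el7.x86_64 -> 0.103.1   (sub-package, with epoch)
clamav_version() {
    nevra="$1"
    name="${nevra%%-[0-9]*}"      # package name: clamav, clamav-lib, ...
    v="${nevra#"$name"-}"         # [epoch:]version-release.dist.arch
    v="${v#*:}"                   # drop an epoch prefix, if present
    v="${v%%-*}"                  # keep only the version
    printf '%s\n' "$v"
}

# vercmp A B -> prints -1, 0 or 1 comparing dotted versions field by field.
# Fields are compared numerically; a non-numeric tail such as "rc1" is ignored
# and a missing field counts as 0, so 0.103 sorts below 0.103.2.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah="${a%%.*}"; bh="${b%%.*}"
        if [ "$ah" = "$a" ]; then a=""; else a="${a#*.}"; fi
        if [ "$bh" = "$b" ]; then b=""; else b="${b#*.}"; fi
        ah="${ah%%[!0-9]*}"; bh="${bh%%[!0-9]*}"
        ah="${ah:-0}"; bh="${bh:-0}"
        if [ "$ah" -lt "$bh" ]; then printf '%s\n' "-1"; return 0; fi
        if [ "$ah" -gt "$bh" ]; then printf '%s\n' "1";  return 0; fi
    done
    printf '%s\n' "0"
}

# clamav_is_fixed NEVRA -> exit 0 if version >= 0.103.2, 1 otherwise.
clamav_is_fixed() {
    v="$(clamav_version "$1")"
    [ "$(vercmp "$v" "$FIXED_VERSION")" -ge 0 ]
}

# Usage on a Fedora/EPEL host (real input comes from rpm; the sample
# strings in the tests are constructed):
#   for p in $(rpm -q clamav clamav-lib 2>/dev/null); do
#       if clamav_is_fixed "$p"; then echo "$p: fixed"; else echo "$p: VULNERABLE"; fi
#   done
```

The comparison is deliberately restricted to the upstream version: the fix is in the 0.103.2 source, so the Fedora release tag (`-1.fc34`, `-1.el8`) does not change the verdict. If a distribution backports the patch into an older version without bumping it, this check would report a false positive; for EPEL 7 and 8 the comment above shows that the fix landed as a full 0.103.2 rebase, so the version comparison holds there.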