> https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html 
> <https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html>

ClamAV 0.102.4 is out now. Users can head over to clamav.net/downloads 
<https://www.clamav.net/downloads> to download the release materials.

ClamAV 0.102.4 is a bug patch release to address the following issues:

<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350>Fixed a 
vulnerability a malicious user could exploit to replace a scan target's 
directory with a symlink to another path to trick clamscan, clamdscan, or 
clamonacc into removing or moving a different file (such as a critical system 
file). The issue would affect users that use the --move or --remove options for 
clamscan, clamdscan and clamonacc.

For more information about AV quarantine attacks using links, see RACK911 Lab's 

<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327>Fixed a 
vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could 
cause a denial-of-service (DoS) condition. Improper bounds checking resulted in 
an out-of-bounds read that could cause a crash. The previous fix for this CVE 
in version 0.102.3 was incomplete. This fix correctly resolves the issue.

<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481>Fixed a 
vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could 
cause a denial-of-service (DoS) condition. Improper error handling could cause 
a crash due to a NULL pointer dereference. This vulnerability is mitigated for 
those using the official ClamAV signature databases because the file type 
signatures in daily.cvd will not enable the EGG archive parser in affected 

We will be publishing a release candidate for version 0.103.0 in the next 
couple of weeks. Stay tuned!

Joel Esler
Manager, Communities Division
Cisco Talos Intelligence Group
http://www.talosintelligence.com | https://www.snort.org

Attachment: smime.p7s
Description: S/MIME cryptographic signature


clamav-devel mailing list

Please submit your patches to our Github: 

Help us build a comprehensive ClamAV guide:


Reply via email to