{"id":"CVE-2020-3481","details":"A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.","modified":"2026-03-20T11:36:51.799182Z","published":"2020-07-20T18:15:12.420Z","related":["MGASA-2020-0322","SUSE-SU-2020:3729-1","SUSE-SU-2020:3790-1","SUSE-SU-2020:3918-1","SUSE-SU-2021:14592-1","openSUSE-SU-2020:2268-1","openSUSE-SU-2020:2276-1","openSUSE-SU-2024:10685-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/"},{"type":"ADVISORY","url":"https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202007-23"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4435-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4435-2/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"8925c55dfc6f34e7667a0afa65fdc2f5a558be3e"},{"last_affected":"bca52dfb4349ffe23b613690f8789691f766444c"}],"database_specific":{"versions":[{"introduced":"0.102.0"},{"last_affected":"0.102.3"}]}}],"versions":["clamav-0.102.0","clamav-0.102.1","clamav-0.102.2","clamav-0.102.3"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-3481.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}