VulnerableCode Package Details - pkg:alpm/archlinux/clamav@0.102.1-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-bp4y-cbvr-aaaj Aliases: CVE-2020-7613 GHSA-5v25-xr56-phph	Injection Vulnerability clamscan is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`.	0.102.3-1 Affected by 0 other vulnerabilities.
VCID-way3-sf4b-aaaq Aliases: CVE-2020-3123	A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.	0.102.3-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-bp4y-cbvr-aaaj
Aliases:
CVE-2020-7613
GHSA-5v25-xr56-phph

Injection Vulnerability clamscan is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`.

0.102.3-1
Affected by 0 other vulnerabilities.

VCID-way3-sf4b-aaaq
Aliases:
CVE-2020-3123

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

0.102.3-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:50.377390+00:00	Arch Linux Importer	Affected by	VCID-way3-sf4b-aaaq	https://security.archlinux.org/AVG-1168	36.0.0
2025-03-28T07:45:50.358629+00:00	Arch Linux Importer	Affected by	VCID-bp4y-cbvr-aaaj	https://security.archlinux.org/AVG-1168	36.0.0
2024-09-18T02:00:52.610391+00:00	Arch Linux Importer	Affected by	VCID-way3-sf4b-aaaq	https://security.archlinux.org/AVG-1168	34.0.1
2024-09-18T02:00:52.587244+00:00	Arch Linux Importer	Affected by	VCID-bp4y-cbvr-aaaj	https://security.archlinux.org/AVG-1168	34.0.1
2024-01-03T22:27:09.906072+00:00	Arch Linux Importer	Affected by	VCID-way3-sf4b-aaaq	https://security.archlinux.org/AVG-1168	34.0.0rc1
2024-01-03T22:27:09.886928+00:00	Arch Linux Importer	Affected by	VCID-bp4y-cbvr-aaaj	https://security.archlinux.org/AVG-1168	34.0.0rc1