Search criteria
306 vulnerabilities found for clamav by clamav
CERTFR-2025-AVI-0522
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans ClamAV. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions 1.0.x ant\u00e9rieures \u00e0 1.0.9",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.4.x ant\u00e9rieures \u00e0 1.4.3",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20260"
},
{
"name": "CVE-2025-20234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20234"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0522",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ClamAV. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ClamAV",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV clamav-143-and-109-security-patch",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
]
}
CERTFR-2025-AVI-0068
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans ClamAV. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions 1.0.x ant\u00e9rieures \u00e0 1.0.8",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.4.x ant\u00e9rieures \u00e0 1.4.2",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-20128",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-20128"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0068",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans ClamAV. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans ClamAV",
"vendor_advisories": [
{
"published_at": "2025-01-22",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
}
]
}
CERTFR-2024-AVI-0744
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans ClamAV. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions ant\u00e9rieures \u00e0 0.103.12",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.3.x ant\u00e9rieures \u00e0 1.3.2",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.4.x ant\u00e9rieures \u00e0 1.4.1",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.0.x ant\u00e9rieures \u00e0 1.0.7",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20506"
},
{
"name": "CVE-2024-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20505"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0744",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ClamAV. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ClamAV",
"vendor_advisories": [
{
"published_at": "2024-09-04",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV clamav-141-132-107-and-010312",
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
]
}
FKIE_CVE-2025-20260
Vulnerability from fkie_nvd - Published: 2025-06-18 18:15 - Updated: 2025-11-03 19:15
Severity ?
Summary
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.
This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C77D9953-0A74-4E83-8717-88DCA0D33720",
"versionEndExcluding": "1.0.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49480D41-EBD3-4541-8418-80DD6444C6DB",
"versionEndExcluding": "1.4.3",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r\n\r\nThis vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process."
},
{
"lang": "es",
"value": "Una vulnerabilidad en los procesos de escaneo de PDF de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque un desbordamiento de b\u00fafer, una denegaci\u00f3n de servicio (DoS) o ejecute c\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe a que los b\u00faferes de memoria se asignan incorrectamente al procesar archivos PDF. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un archivo PDF manipulado para que ClamAV lo escanee en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante provocar un desbordamiento de b\u00fafer, lo que probablemente resultar\u00eda en la finalizaci\u00f3n del proceso de escaneo de ClamAV y una denegaci\u00f3n de servicio (DoS) en el software afectado. Aunque no se ha demostrado, tambi\u00e9n existe la posibilidad de que un atacante aproveche el desbordamiento de b\u00fafer para ejecutar c\u00f3digo arbitrario con los privilegios del proceso de ClamAV."
}
],
"id": "CVE-2025-20260",
"lastModified": "2025-11-03T19:15:47.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2025-06-18T18:15:23.270",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-20234
Vulnerability from fkie_nvd - Published: 2025-06-18 17:15 - Updated: 2025-08-11 18:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clamav | clamav | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint_private_cloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49480D41-EBD3-4541-8418-80DD6444C6DB",
"versionEndExcluding": "1.4.3",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "4F19C9AF-A336-4DF7-AB2A-778228F79A20",
"versionEndExcluding": "1.26.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "DFA01B75-3D43-4B20-B5A7-354854025F96",
"versionEndExcluding": "1.26.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "72687E9E-1CC5-44A2-B207-1E459FFECB56",
"versionEndExcluding": "7.5.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5389A975-75C0-47F7-9DE4-25FD91226785",
"versionEndExcluding": "8.4.5",
"versionStartIncluding": "8.0.1.21160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D78AF2-E32D-4346-A7A8-6137B623F1B8",
"versionEndExcluding": "4.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the ."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el procesamiento de Universal Disk Format (UDF) de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una sobrelectura de memoria durante el an\u00e1lisis de archivos UDF. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un archivo manipulado con contenido UDF para que ClamAV lo analice en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante finalizar el proceso de an\u00e1lisis de ClamAV, lo que provocar\u00eda una denegaci\u00f3n de servicio (DoS) en el software afectado. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte [enlace faltante]."
}
],
"id": "CVE-2025-20234",
"lastModified": "2025-08-11T18:24:39.183",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-18T17:15:28.833",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-20128
Vulnerability from fkie_nvd - Published: 2025-01-22 17:15 - Updated: 2025-11-03 19:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clamav | clamav | * | |
| clamav | clamav | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint | * | |
| cisco | secure_endpoint_private_cloud | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA36F577-6DC0-4269-BD6C-6B2C92FEE5D7",
"versionEndExcluding": "1.0.8",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5E2539-FA2D-4CF9-8CC5-C11D50994E7C",
"versionEndExcluding": "1.4.2",
"versionStartIncluding": "1.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "E952EECB-A2D2-4AD5-8C44-5A572FBB18C5",
"versionEndExcluding": "1.24.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "3E3EED81-A4E2-4B0A-A6B6-77A22559D1A0",
"versionEndExcluding": "1.25.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "44356F2D-AC9C-4A9C-8F37-96FFDC6950C4",
"versionEndExcluding": "7.5.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "145C1E4A-E704-4228-91A2-B26BD60838B9",
"versionEndExcluding": "8.4.3",
"versionStartIncluding": "8.0.1.21160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19E2B316-8BA1-459F-B7A6-E9125EBAC411",
"versionEndExcluding": "4.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la rutina de descifrado Object Linking and Embedding 2 (OLE2) de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a un desbordamiento de enteros en una comprobaci\u00f3n de los l\u00edmites que permite una lectura de desbordamiento de b\u00fafer de mont\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo manipulado con contenido OLE2 para que ClamAV lo escanee en un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante terminar el proceso de escaneo de ClamAV, lo que provocar\u00eda una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en el software afectado. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte el . Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad."
}
],
"id": "CVE-2025-20128",
"lastModified": "2025-11-03T19:15:47.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-22T17:15:12.583",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20506
Vulnerability from fkie_nvd - Published: 2024-09-04 22:15 - Updated: 2025-11-03 22:16
Severity ?
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Summary
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C21D8C4B-CEBE-422C-A103-B516EBCC34B6",
"versionEndExcluding": "0.103.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3AF611-42CD-4EC8-9A2A-89AEC62A3D6E",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "0.104.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0EA13B-FFC9-4385-8691-38A90DCE774F",
"versionEndExcluding": "1.3.2",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7F43F7-EF41-4CB7-A013-6A8F274F973D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el m\u00f3dulo de servicio ClamD de Clam AntiVirus (ClamAV) versiones 1.4.0, 1.3.2 y anteriores, todas las versiones 1.2.x, 1.0.6 y anteriores, todas las versiones 0.105.x, todas las versiones 0.104.x y 0.103.11 y anteriores podr\u00eda permitir que un atacante local autenticado corrompa archivos cr\u00edticos del sistema. La vulnerabilidad se debe a que permite que el proceso ClamD escriba en su archivo de registro mientras tiene privilegios sin comprobar si el archivo de registro ha sido reemplazado por un enlace simb\u00f3lico. Un atacante podr\u00eda aprovechar esta vulnerabilidad si reemplaza el archivo de registro de ClamD por un enlace simb\u00f3lico a un archivo cr\u00edtico del sistema y luego encuentra una forma de reiniciar el proceso ClamD. Una vulnerabilidad podr\u00eda permitir que el atacante corrompa un archivo cr\u00edtico del sistema a\u00f1adiendo mensajes de registro de ClamD despu\u00e9s del reinicio."
}
],
"id": "CVE-2024-20506",
"lastModified": "2025-11-03T22:16:40.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-04T22:15:04.083",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Release Notes"
],
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20505
Vulnerability from fkie_nvd - Published: 2024-09-04 22:15 - Updated: 2025-11-03 22:16
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C21D8C4B-CEBE-422C-A103-B516EBCC34B6",
"versionEndExcluding": "0.103.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D3AF611-42CD-4EC8-9A2A-89AEC62A3D6E",
"versionEndExcluding": "1.0.7",
"versionStartIncluding": "0.104.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0EA13B-FFC9-4385-8691-38A90DCE774F",
"versionEndExcluding": "1.3.2",
"versionStartIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7F43F7-EF41-4CB7-A013-6A8F274F973D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el m\u00f3dulo de an\u00e1lisis de PDF de Clam AntiVirus (ClamAV) versiones 1.4.0, 1.3.2 y anteriores, todas las versiones 1.2.x, 1.0.6 y anteriores, todas las versiones 0.105.x, todas las versiones 0.104.x y 0.103.11 y anteriores podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a una lectura fuera de los l\u00edmites. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo PDF manipulado para que ClamAV lo escanee en un dispositivo afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante terminar el proceso de escaneo."
}
],
"id": "CVE-2024-20505",
"lastModified": "2025-11-03T22:16:40.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-04T22:15:03.887",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20380
Vulnerability from fkie_nvd - Published: 2024-04-18 20:15 - Updated: 2025-07-23 15:08
Severity ?
Summary
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "C3ACEAD4-CF16-48BD-A344-B427B017219C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.3.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "03381195-B417-4D4D-BB35-284E35652BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:1.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6BEAF0FC-6347-47F5-A865-87AAB4F6D64C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThe vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el analizador HTML de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. La vulnerabilidad se debe a un problema en la interfaz de funci\u00f3n externa de C a Rust. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo manipulado que contenga contenido HTML para que ClamAV lo analice en un dispositivo afectado. Un exploit podr\u00eda permitir al atacante provocar que finalice el proceso de escaneo de ClamAV, lo que resultar\u00eda en una condici\u00f3n DoS en el software afectado."
}
],
"id": "CVE-2024-20380",
"lastModified": "2025-07-23T15:08:46.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-04-18T20:15:17.520",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-475"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20328
Vulnerability from fkie_nvd - Published: 2024-03-01 21:15 - Updated: 2025-11-04 19:16
Severity ?
Summary
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B435D2-E87C-4EF6-B883-3C12ED264AC4",
"versionEndExcluding": "1.0.5",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ADA2E9-3E02-4352-8D68-A198DC490AA4",
"versionEndExcluding": "1.2.2",
"versionStartIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.\nClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad en la caracter\u00edstica VirusEvent de ClamAV podr\u00eda permitir a un atacante local inyectar comandos arbitrarios con los privilegios de la cuenta de servicio de la aplicaci\u00f3n. La vulnerabilidad se debe al manejo inseguro de nombres de archivos. Un atacante local podr\u00eda aprovechar esta vulnerabilidad proporcionando un nombre de archivo que contenga secuencias de l\u00ednea de comandos. Cuando se procesa en un sistema usando opciones de configuraci\u00f3n para la funci\u00f3n VirusEvent, el atacante podr\u00eda hacer que la aplicaci\u00f3n ejecute comandos arbitrarios. ClamAV ha lanzado actualizaciones de software que abordan esta vulnerabilidad. No existen soluciones alternativas que aborden esta vulnerabilidad."
}
],
"id": "CVE-2024-20328",
"lastModified": "2025-11-04T19:16:28.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-03-01T21:15:07.790",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
CVE-2025-20260 (GCVE-0-2025-20260)
Vulnerability from cvelistv5 – Published: 2025-06-18 17:08 – Updated: 2025-11-03 18:08
VLAI?
Summary
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.
This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:55:07.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:44.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.2"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.3.1"
},
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.2.3"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r\n\r\nThis vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T17:08:36.207Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "clamav-143-and-109-security-patch",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "clamav-143-and-109-security-patch",
"defects": [
"CSCwo64672"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV PDF Scanning Buffer Overflow Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20260",
"datePublished": "2025-06-18T17:08:36.207Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2025-11-03T18:08:44.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20234 (GCVE-0-2025-20234)
Vulnerability from cvelistv5 – Published: 2025-06-18 16:20 – Updated: 2025-06-18 18:22
VLAI?
Summary
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.1 Affected: 1.21.0 Affected: 1.21.2 Affected: 1.22.4 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.4 Affected: 1.17.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:20:31.170035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:22:44.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the ."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T16:20:01.175Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-udf-hmwd9nDy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-udf-hmwd9nDy",
"defects": [
"CSCwo45640"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20234",
"datePublished": "2025-06-18T16:20:01.175Z",
"dateReserved": "2024-10-10T19:15:13.237Z",
"dateUpdated": "2025-06-18T18:22:44.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20128 (GCVE-0-2025-20128)
Vulnerability from cvelistv5 – Published: 2025-01-22 16:21 – Updated: 2025-11-03 18:08
VLAI?
Summary
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 7.2.5 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.12.7 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:54:39.076758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:40:10.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:43.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:21:12.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-ole2-H549rphA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-ole2-H549rphA",
"defects": [
"CSCwm83037"
],
"discovery": "INTERNAL"
},
"title": "ClamAV OLE2 File Format Decryption Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20128",
"datePublished": "2025-01-22T16:21:12.329Z",
"dateReserved": "2024-10-10T19:15:13.212Z",
"dateUpdated": "2025-11-03T18:08:43.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20506 (GCVE-0-2024-20506)
Vulnerability from cvelistv5 – Published: 2024-09-04 21:28 – Updated: 2025-11-03 21:52
VLAI?
Summary
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
Severity ?
6.1 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:34:43.487532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:59:30.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:31.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:28:54.812Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk31741"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV Privilege Handling Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20506",
"datePublished": "2024-09-04T21:28:54.812Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:31.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20505 (GCVE-0-2024-20505)
Vulnerability from cvelistv5 – Published: 2024-09-04 21:23 – Updated: 2025-11-03 21:52
VLAI?
Summary
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
Severity ?
4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:35:13.258736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:00:08.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:30.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:23:55.715Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk44457"
],
"discovery": "INTERNAL"
},
"title": "ClamAV Memory Handling DoS"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20505",
"datePublished": "2024-09-04T21:23:55.715Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:30.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20380 (GCVE-0-2024-20380)
Vulnerability from cvelistv5 – Published: 2024-04-18 19:19 – Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity ?
7.5 (High)
CWE
- CWE-475 - Undefined Behavior for Input to API
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clam_antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clam_antivirus",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T03:18:49.587479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:59.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": " 1.3"
}
]
}
],
"datePublic": "2024-04-18T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThe vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475: Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T19:19:21.423Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV HTML Parser Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20380",
"datePublished": "2024-04-18T19:19:21.423Z",
"dateReserved": "2023-11-08T15:08:07.656Z",
"dateUpdated": "2024-08-01T21:59:41.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20328 (GCVE-0-2024-20328)
Vulnerability from cvelistv5 – Published: 2024-03-01 20:48 – Updated: 2025-11-04 18:22
VLAI?
Summary
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T15:40:24.549668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:45:50.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:37.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.\nClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T20:48:15.328Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV VirusEvent File Processing Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20328",
"datePublished": "2024-03-01T20:48:15.328Z",
"dateReserved": "2023-11-08T15:08:07.641Z",
"dateUpdated": "2025-11-04T18:22:37.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20260 (GCVE-0-2025-20260)
Vulnerability from nvd – Published: 2025-06-18 17:08 – Updated: 2025-11-03 18:08
VLAI?
Summary
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.
This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
Severity ?
9.8 (Critical)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T03:55:07.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:44.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.2"
},
{
"status": "affected",
"version": "1.4.1"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.3.1"
},
{
"status": "affected",
"version": "1.3.0"
},
{
"status": "affected",
"version": "1.2.3"
},
{
"status": "affected",
"version": "1.2.2"
},
{
"status": "affected",
"version": "1.2.1"
},
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.\r\n\r\nThis vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T17:08:36.207Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "clamav-143-and-109-security-patch",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "clamav-143-and-109-security-patch",
"defects": [
"CSCwo64672"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV PDF Scanning Buffer Overflow Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20260",
"datePublished": "2025-06-18T17:08:36.207Z",
"dateReserved": "2024-10-10T19:15:13.243Z",
"dateUpdated": "2025-11-03T18:08:44.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20234 (GCVE-0-2025-20234)
Vulnerability from nvd – Published: 2025-06-18 16:20 – Updated: 2025-06-18 18:22
VLAI?
Summary
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Severity ?
5.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.1 Affected: 1.21.0 Affected: 1.21.2 Affected: 1.22.4 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.4 Affected: 1.17.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-18T18:20:31.170035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:22:44.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the ."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T16:20:01.175Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-udf-hmwd9nDy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-udf-hmwd9nDy"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-udf-hmwd9nDy",
"defects": [
"CSCwo45640"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20234",
"datePublished": "2025-06-18T16:20:01.175Z",
"dateReserved": "2024-10-10T19:15:13.237Z",
"dateUpdated": "2025-06-18T18:22:44.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20128 (GCVE-0-2025-20128)
Vulnerability from nvd – Published: 2025-01-22 16:21 – Updated: 2025-11-03 18:08
VLAI?
Summary
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.
For a description of this vulnerability, see the .
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 7.2.5 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.12.7 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.0 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20128",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-22T16:54:39.076758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T19:40:10.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:43.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-22T16:21:12.329Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-ole2-H549rphA",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA"
},
{
"name": "ClamAV blog",
"url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html"
}
],
"source": {
"advisory": "cisco-sa-clamav-ole2-H549rphA",
"defects": [
"CSCwm83037"
],
"discovery": "INTERNAL"
},
"title": "ClamAV OLE2 File Format Decryption Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20128",
"datePublished": "2025-01-22T16:21:12.329Z",
"dateReserved": "2024-10-10T19:15:13.212Z",
"dateUpdated": "2025-11-03T18:08:43.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20506 (GCVE-0-2024-20506)
Vulnerability from nvd – Published: 2024-09-04 21:28 – Updated: 2025-11-03 21:52
VLAI?
Summary
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.
The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
Severity ?
6.1 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20506",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:34:43.487532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:59:30.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:31.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files.\r\n\r\nThe vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:28:54.812Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk31741"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV Privilege Handling Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20506",
"datePublished": "2024-09-04T21:28:54.812Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:31.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20505 (GCVE-0-2024-20505)
Vulnerability from nvd – Published: 2024-09-04 21:23 – Updated: 2025-11-03 21:52
VLAI?
Summary
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
Severity ?
4 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | ClamAV |
Affected:
1.4.0
Affected: 1.3.2 Affected: 1.0.6 Affected: 1.0.5 Affected: 1.0.4 Affected: 1.0.3 Affected: 1.0.2 Affected: 1.0.1 Affected: 1.0.0 Affected: 1.2.x Affected: 0.105.x Affected: 0.104.x Affected: 0.103.11 Affected: 0.103.10 Affected: 0.103.9 Affected: 0.103.8 Affected: 0.103.7 Affected: 0.103.6 Affected: 0.103.5 Affected: 0.103.4 Affected: 0.103.3 Affected: 0.103.2 Affected: 0.103.1 Affected: 0.103.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20505",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T13:35:13.258736Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:00:08.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:52:30.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "affected",
"version": "1.3.2"
},
{
"status": "affected",
"version": "1.0.6"
},
{
"status": "affected",
"version": "1.0.5"
},
{
"status": "affected",
"version": "1.0.4"
},
{
"status": "affected",
"version": "1.0.3"
},
{
"status": "affected",
"version": "1.0.2"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.2.x"
},
{
"status": "affected",
"version": "0.105.x"
},
{
"status": "affected",
"version": "0.104.x"
},
{
"status": "affected",
"version": "0.103.11"
},
{
"status": "affected",
"version": "0.103.10"
},
{
"status": "affected",
"version": "0.103.9"
},
{
"status": "affected",
"version": "0.103.8"
},
{
"status": "affected",
"version": "0.103.7"
},
{
"status": "affected",
"version": "0.103.6"
},
{
"status": "affected",
"version": "0.103.5"
},
{
"status": "affected",
"version": "0.103.4"
},
{
"status": "affected",
"version": "0.103.3"
},
{
"status": "affected",
"version": "0.103.2"
},
{
"status": "affected",
"version": "0.103.1"
},
{
"status": "affected",
"version": "0.103.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T21:23:55.715Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html"
}
],
"source": {
"defects": [
"CSCwk44457"
],
"discovery": "INTERNAL"
},
"title": "ClamAV Memory Handling DoS"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20505",
"datePublished": "2024-09-04T21:23:55.715Z",
"dateReserved": "2023-11-08T15:08:07.688Z",
"dateUpdated": "2025-11-03T21:52:30.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-20380 (GCVE-0-2024-20380)
Vulnerability from nvd – Published: 2024-04-18 19:19 – Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity ?
7.5 (High)
CWE
- CWE-475 - Undefined Behavior for Input to API
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clam_antivirus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clam_antivirus",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.3"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-20T03:18:49.587479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:39:59.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:41.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": " 1.3"
}
]
}
],
"datePublic": "2024-04-18T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThe vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-475",
"description": "CWE-475: Undefined Behavior for Input to API",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-18T19:19:21.423Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2024/04/clamav-131-123-106-patch-versions.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV HTML Parser Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20380",
"datePublished": "2024-04-18T19:19:21.423Z",
"dateReserved": "2023-11-08T15:08:07.656Z",
"dateUpdated": "2024-08-01T21:59:41.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20328 (GCVE-0-2024-20328)
Vulnerability from nvd – Published: 2024-03-01 20:48 – Updated: 2025-11-04 18:22
VLAI?
Summary
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.
ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity ?
5.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:clamav:1.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "clamav",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20328",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T15:40:24.549668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:45:50.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:22:37.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ClamAV",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.2.0"
},
{
"status": "affected",
"version": "1.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands.\nClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T20:48:15.328Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"url": "https://blog.clamav.net/2023/11/clamav-130-122-105-released.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ClamAV VirusEvent File Processing Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20328",
"datePublished": "2024-03-01T20:48:15.328Z",
"dateReserved": "2023-11-08T15:08:07.641Z",
"dateUpdated": "2025-11-04T18:22:37.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-202205-0218
Vulnerability from variot - Updated: 2024-02-13 01:35On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.103.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.104.2",
"versionStartIncluding": "0.104.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "1.17.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20771",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20771",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405324",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20771",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-20771",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20771",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2064",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405324",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20771",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20771",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64262",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405324",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20771",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"id": "VAR-202205-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T01:35:37.050000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191378"
},
{
"title": "Cisco: ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-zazbwrvg"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-20771"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-zazbwrvg"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20771/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-zazbwrvg"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405324"
},
{
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405324"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"date": "2022-05-04T17:15:08.440000",
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405324"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20771"
},
{
"date": "2023-08-16T04:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-010586"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2064"
},
{
"date": "2023-11-07T03:42:54.193000",
"db": "NVD",
"id": "CVE-2022-20771"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010586"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2064"
}
],
"trust": 0.6
}
}
VAR-202205-0219
Vulnerability from variot - Updated: 2024-02-13 01:35On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0219",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.103.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.104.2",
"versionStartIncluding": "0.104.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "1.17.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20770",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20770",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405323",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20770",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-20770",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20770",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2065",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405323",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20770",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20770",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64261",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405323",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20770",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"id": "VAR-202205-0219",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T01:35:37.005000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191379"
},
{
"title": "Cisco: ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-prvgchld"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-20770"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20770/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405323"
},
{
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405323"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"date": "2023-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"date": "2022-05-04T17:15:08.377000",
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405323"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20770"
},
{
"date": "2023-08-16T04:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-010587"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2065"
},
{
"date": "2023-11-07T03:42:53.957000",
"db": "NVD",
"id": "CVE-2022-20770"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010587"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2065"
}
],
"trust": 0.6
}
}
VAR-202205-0220
Vulnerability from variot - Updated: 2024-02-13 01:35On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022
clamav vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in ClamAV.
Software Description: - clamav: Anti-virus utility for Unix
Details:
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.
Original advisory details:
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)
Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)
Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)
Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)
Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01
https://security.gentoo.org/
Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01
Synopsis
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.
Background
ClamAV is a GPL virus scanner.
Affected packages
Package Vulnerable Unaffected
app-antivirus/clamav < 0.103.7 >= 0.103.7
Description
Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"
References
[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202310-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202205-0220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.16.3"
},
{
"model": "clamav",
"scope": "lte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "clamav",
"scope": "lt",
"trust": 1.0,
"vendor": "clamav",
"version": "0.103.5"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.17.2"
},
{
"model": "clamav",
"scope": "gte",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "36"
},
{
"model": "secure endpoint",
"scope": "gte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "clamav",
"scope": "lt",
"trust": 1.0,
"vendor": "clamav",
"version": "0.104.2"
},
{
"model": "secure endpoint",
"scope": "lt",
"trust": 1.0,
"vendor": "cisco",
"version": "1.18.2"
},
{
"model": "cisco secure endpoint",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "clamav",
"scope": null,
"trust": 0.8,
"vendor": "clamav",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.104.2",
"versionStartIncluding": "0.104.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.103.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.103.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
"cpe_name": [],
"versionEndExcluding": "7.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "1.16.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.2",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe_name": [],
"versionEndExcluding": "1.17.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
}
],
"trust": 0.2
},
"cve": "CVE-2022-20785",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20785",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-405338",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-20785",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-20785",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2022-20785",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202205-2063",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-405338",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-20785",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service. (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5423-2\n https://ubuntu.com/security/notices/USN-5423-1\n CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: ClamAV: Multiple Vulnerabilities\n Date: October 01, 2023\n Bugs: #831083, #842813, #894672\n ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage Vulnerable Unaffected\n-------------------- ------------ ------------\napp-antivirus/clamav \u003c 0.103.7 \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-20785",
"trust": 3.7
},
{
"db": "PACKETSTORM",
"id": "167211",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "167199",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.2431",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2362",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2784",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051836",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051732",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022050437",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-64260",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-405338",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-20785",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "174873",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"id": "VAR-202205-0220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T01:35:36.875000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://www.clamav.net/"
},
{
"title": "ClamAV Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191377"
},
{
"title": "Cisco: ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-html-xauok8mr"
},
{
"title": "Red Hat: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2022-20785"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-20785"
},
{
"title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-1"
},
{
"title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-2"
},
{
"title": "Amazon Linux AMI: ALAS-2022-1621",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1621"
},
{
"title": "Amazon Linux 2022: ALAS2022-2022-090",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-090"
},
{
"title": "Amazon Linux 2022: ALAS-2022-229",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas-2022-229"
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-23305 "
},
{
"title": "CVE-2022-XXXX",
"trust": 0.1,
"url": "https://github.com/alphabugx/cve-2022-rce "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.1
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-html-xauok8mr"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202310-01"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 1.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-20785/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5423-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5423-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-405338"
},
{
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-405338"
},
{
"date": "2022-05-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"date": "2023-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"date": "2022-05-18T16:36:26",
"db": "PACKETSTORM",
"id": "167211"
},
{
"date": "2022-05-17T17:12:26",
"db": "PACKETSTORM",
"id": "167199"
},
{
"date": "2023-10-02T15:09:41",
"db": "PACKETSTORM",
"id": "174873"
},
{
"date": "2022-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"date": "2022-05-04T17:15:08.680000",
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-07-01T00:00:00",
"db": "VULHUB",
"id": "VHN-405338"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2022-20785"
},
{
"date": "2023-08-14T07:56:00",
"db": "JVNDB",
"id": "JVNDB-2022-010292"
},
{
"date": "2022-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202205-2063"
},
{
"date": "2023-11-07T03:42:56.707000",
"db": "NVD",
"id": "CVE-2022-20785"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "167211"
},
{
"db": "PACKETSTORM",
"id": "167199"
},
{
"db": "PACKETSTORM",
"id": "174873"
},
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClamAV\u00a0 Vulnerability regarding lack of memory release after expiration in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-010292"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202205-2063"
}
],
"trust": 0.6
}
}