cve-2022-20770

Vulnerability from cvelistv5

Published

2022-05-04 17:05

Modified

2024-11-06 16:16

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Summary

References

URL	Tags
ykramarz@cisco.com	https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html	Mailing List, Third Party Advisory
ykramarz@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
ykramarz@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
ykramarz@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
ykramarz@cisco.com	https://security.gentoo.org/glsa/202310-01
ykramarz@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202310-01
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd	Third Party Advisory

Impacted products

Vendor

Product

Version

▼

Cisco

Cisco AMP for Endpoints

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:49.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
          },
          {
            "name": "FEDORA-2022-b8691af27b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
          },
          {
            "name": "FEDORA-2022-0ac71a8f3a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
          },
          {
            "name": "FEDORA-2022-a910a41a17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
          },
          {
            "name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
          },
          {
            "name": "GLSA-202310-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202310-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20770",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T16:01:32.714443Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T16:16:53.850Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco AMP for Endpoints",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-01T10:06:22.000805",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
        },
        {
          "name": "FEDORA-2022-b8691af27b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
        },
        {
          "name": "FEDORA-2022-0ac71a8f3a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
        },
        {
          "name": "FEDORA-2022-a910a41a17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
        },
        {
          "name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
        },
        {
          "name": "GLSA-202310-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202310-01"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-dos-prVGcHLd",
        "defect": [
          [
            "CSCwa95108",
            "CSCwa95109",
            "CSCwa95110"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20770",
    "datePublished": "2022-05-04T17:05:29.271076Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-11-06T16:16:53.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*\", \"versionEndIncluding\": \"0.103.5\", \"matchCriteriaId\": \"27ADFD65-7F57-461B-AD74-FF8F7950B5E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.104.0\", \"versionEndIncluding\": \"0.104.2\", \"matchCriteriaId\": \"FEA3B921-70F0-455E-84F0-EA08498AEB4D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*\", \"versionEndExcluding\": \"1.16.3\", \"matchCriteriaId\": \"2D18B72E-A39C-4355-880C-D8F56F69DEC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*\", \"versionEndExcluding\": \"1.17.2\", \"matchCriteriaId\": \"7EB9082D-A730-4BC0-A7C3-FD41C9B90C62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"7.5.5\", \"matchCriteriaId\": \"941865DD-D900-4FF7-B94B-8A4849653E01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*\", \"versionStartIncluding\": \"1.18.0\", \"versionEndExcluding\": \"1.18.2\", \"matchCriteriaId\": \"F3E65C72-96CF-445D-9A4C-ED82ED79882E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*\", \"versionStartIncluding\": \"1.18.0\", \"versionEndExcluding\": \"1.18.2\", \"matchCriteriaId\": \"30810C03-D9F9-4CD2-B276-11E9302F245C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.\"}, {\"lang\": \"es\", \"value\": \"El 20 de abril de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en el analizador de archivos CHM de Clam AntiVirus (ClamAV) versiones 0.104.0 hasta 0.104.2 y LTS versi\\u00f3n 0.103.5 y anteriores, podr\\u00eda permitir a un atacante remoto no autenticado causar una condici\\u00f3n de denegaci\\u00f3n de servicio en un dispositivo afectado. Para una descripci\\u00f3n de esta vulnerabilidad, vea el blog de ClamAV. Este aviso ser\\u00e1 actualizado a medida que est\\u00e9 disponible informaci\\u00f3n adicional\"}]",
      "id": "CVE-2022-20770",
      "lastModified": "2024-11-21T06:43:31.263",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"baseScore\": 8.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-05-04T17:15:08.377",
      "references": "[{\"url\": \"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://security.gentoo.org/glsa/202310-01\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202310-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-20770\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2022-05-04T17:15:08.377\",\"lastModified\":\"2024-11-21T06:43:31.263\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.\"},{\"lang\":\"es\",\"value\":\"El 20 de abril de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en el analizador de archivos CHM de Clam AntiVirus (ClamAV) versiones 0.104.0 hasta 0.104.2 y LTS versi\u00f3n 0.103.5 y anteriores, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. Para una descripci\u00f3n de esta vulnerabilidad, vea el blog de ClamAV. Este aviso ser\u00e1 actualizado a medida que est\u00e9 disponible informaci\u00f3n adicional\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*\",\"versionEndIncluding\":\"0.103.5\",\"matchCriteriaId\":\"27ADFD65-7F57-461B-AD74-FF8F7950B5E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.104.0\",\"versionEndIncluding\":\"0.104.2\",\"matchCriteriaId\":\"FEA3B921-70F0-455E-84F0-EA08498AEB4D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*\",\"versionEndExcluding\":\"1.16.3\",\"matchCriteriaId\":\"2D18B72E-A39C-4355-880C-D8F56F69DEC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*\",\"versionEndExcluding\":\"1.17.2\",\"matchCriteriaId\":\"7EB9082D-A730-4BC0-A7C3-FD41C9B90C62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.5.5\",\"matchCriteriaId\":\"941865DD-D900-4FF7-B94B-8A4849653E01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.2\",\"matchCriteriaId\":\"F3E65C72-96CF-445D-9A4C-ED82ED79882E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*\",\"versionStartIncluding\":\"1.18.0\",\"versionEndExcluding\":\"1.18.2\",\"matchCriteriaId\":\"30810C03-D9F9-4CD2-B276-11E9302F245C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://security.gentoo.org/glsa/202310-01\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202310-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\", \"name\": \"20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/\", \"name\": \"FEDORA-2022-b8691af27b\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/\", \"name\": \"FEDORA-2022-0ac71a8f3a\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/\", \"name\": \"FEDORA-2022-a910a41a17\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html\", \"name\": \"[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-01\", \"name\": \"GLSA-202310-01\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T02:24:49.339Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-20770\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-06T16:01:32.714443Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-06T16:02:03.797Z\"}}], \"cna\": {\"title\": \"ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022\", \"source\": {\"defect\": [[\"CSCwa95108\", \"CSCwa95109\", \"CSCwa95110\"]], \"advisory\": \"cisco-sa-clamav-dos-prVGcHLd\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco AMP for Endpoints\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2022-05-04T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\", \"name\": \"20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/\", \"name\": \"FEDORA-2022-b8691af27b\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/\", \"name\": \"FEDORA-2022-0ac71a8f3a\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/\", \"name\": \"FEDORA-2022-a910a41a17\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html\", \"name\": \"[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.gentoo.org/glsa/202310-01\", \"name\": \"GLSA-202310-01\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-399\", \"description\": \"CWE-399\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2023-10-01T10:06:22.000805\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-20770\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-06T16:16:53.850Z\", \"dateReserved\": \"2021-11-02T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2022-05-04T17:05:29.271076Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-5443-gj53-cw56

Vulnerability from github

Published

2022-05-05 00:00

Modified

2022-05-13 00:00

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-20770"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-04T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.",
  "id": "GHSA-5443-gj53-cw56",
  "modified": "2022-05-13T00:00:33Z",
  "published": "2022-05-05T00:00:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20770"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-01"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cisco-sa-clamav-dos-prvgchld

Vulnerability from csaf_cisco

Published

2022-05-04 16:00

Modified

2022-12-14 18:46

Summary

ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022

Notes

Summary

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html"]. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"]

Affected Products

Cisco investigated its product line to determine which products may be affected by this vulnerability. The Vulnerable Products section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.

Vulnerable Products

The following table lists Cisco products that are affected by the vulnerability that is described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details. Cisco Product Cisco Bug ID Fixed Release Availability ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"] Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints, for Linux CSCwa95108 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95108"] 1.17.2 1.18.0 Secure Endpoint, formerly AMP for Endpoints, for MacOS CSCwa95109 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95109"] 1.16.3 1.18.0 Secure Endpoint, formerly AMP for Endpoints, for Windows CSCwa95110 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95110"] 7.5.5 Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure ["https://www.cisco.com/c/en/us/products/security/secure-names.html"].

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability. Cisco has confirmed that the following Cisco products that include a version of the ClamAV library are not affected by this vulnerability: Email Security Appliance Firepower Threat Defense (FTD) Software Secure Email and Web Manager, formerly Security Management Appliance Web Security Appliance

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

For information about fixed software releases ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], consult the Cisco bugs identified in the Vulnerable Products ["#vp"] section of this advisory. When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories ["https://www.cisco.com/go/psirt"] page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Michal Dardas for reporting this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank Michal Dardas for reporting this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r\n\r\n\r\nA vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r\n\r\nFor a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html\"].\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\"]",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Cisco investigated its product line to determine which products may be affected by this vulnerability.\r\n\r\nThe Vulnerable Products section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "The following table lists Cisco products that are affected by the vulnerability that is described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.\r\n        Cisco Product  Cisco Bug ID  Fixed Release Availability [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"]          Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints, for Linux  CSCwa95108 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95108\"]  1.17.2\r\n1.18.0      Secure Endpoint, formerly AMP for Endpoints, for MacOS  CSCwa95109 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95109\"]  1.16.3\r\n1.18.0      Secure Endpoint, formerly AMP for Endpoints, for Windows  CSCwa95110 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95110\"]  7.5.5\r\nAttention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure [\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"].",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that the following Cisco products that include a version of the ClamAV library are not affected by this vulnerability:\r\n\r\nEmail Security Appliance\r\nFirepower Threat Defense (FTD) Software\r\nSecure Email and Web Manager, formerly Security Management Appliance\r\nWeb Security Appliance",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "For information about fixed software releases [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories [\"https://www.cisco.com/go/psirt\"] page, to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank Michal Dardas for reporting this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
      "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "ClamAV blog",
        "url": "https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html"
      },
      {
        "category": "external",
        "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
      },
      {
        "category": "external",
        "summary": "Fixed Release Availability",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "CSCwa95108",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95108"
      },
      {
        "category": "external",
        "summary": "CSCwa95109",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95109"
      },
      {
        "category": "external",
        "summary": "CSCwa95110",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95110"
      },
      {
        "category": "external",
        "summary": "Meet Cisco\u0026nbsp;Secure",
        "url": "https://www.cisco.com/c/en/us/products/security/secure-names.html"
      },
      {
        "category": "external",
        "summary": "fixed software releases",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Security Advisories",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      }
    ],
    "title": "ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
    "tracking": {
      "current_release_date": "2022-12-14T18:46:44+00:00",
      "generator": {
        "date": "2022-12-14T18:46:47+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-clamav-dos-prVGcHLd",
      "initial_release_date": "2022-05-04T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2022-05-04T15:47:14+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2022-05-04T20:36:46+00:00",
          "number": "1.1.0",
          "summary": "Corrected ClamAV release date and included direct link to ClamAV release."
        },
        {
          "date": "2022-12-14T18:46:44+00:00",
          "number": "1.2.0",
          "summary": "Removed references to an ongoing investigation and updated the advisory status to Final."
        }
      ],
      "status": "final",
      "version": "1.2.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco AMP for Endpoints",
            "product": {
              "name": "Cisco AMP for Endpoints ",
              "product_id": "CSAFPID-221075"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-20770",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwa95108"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwa95109"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwa95110"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-221075"
        ]
      },
      "release_date": "2022-05-04T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-221075"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-221075"
          ]
        }
      ],
      "title": "Multiple Cisco Products ClamAV CHM File Parsing Denial of Service Vulnerability"
    }
  ]
}

cisco-sa-clamav-dos-prVGcHLd

Vulnerability from csaf_cisco

Published

2022-05-04 16:00

Modified

2022-12-14 18:46

Summary

ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022

Notes

Summary

Affected Products

Vulnerable Products

Products Confirmed Not Vulnerable

Workarounds

There are no workarounds that address this vulnerability.

Fixed Software

Vulnerability Policy

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank Michal Dardas for reporting this vulnerability.

Legal Disclaimer

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "summary": "Cisco would like to thank Michal Dardas for reporting this vulnerability."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "notes": [
      {
        "category": "summary",
        "text": "On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:\r\n\r\n\r\nA vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.\r\n\r\nFor a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html\"].\r\n\r\nThis advisory is available at the following link:\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd\"]",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "Cisco investigated its product line to determine which products may be affected by this vulnerability.\r\n\r\nThe Vulnerable Products section includes Cisco bug IDs for each affected product. The bugs are accessible through the Cisco Bug Search Tool and contain additional platform-specific information, including workarounds (if available) and fixed software releases.",
        "title": "Affected Products"
      },
      {
        "category": "general",
        "text": "The following table lists Cisco products that are affected by the vulnerability that is described in this advisory. If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.\r\n        Cisco Product  Cisco Bug ID  Fixed Release Availability [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"]          Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints, for Linux  CSCwa95108 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95108\"]  1.17.2\r\n1.18.0      Secure Endpoint, formerly AMP for Endpoints, for MacOS  CSCwa95109 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95109\"]  1.16.3\r\n1.18.0      Secure Endpoint, formerly AMP for Endpoints, for Windows  CSCwa95110 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95110\"]  7.5.5\r\nAttention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see Meet Cisco Secure [\"https://www.cisco.com/c/en/us/products/security/secure-names.html\"].",
        "title": "Vulnerable Products"
      },
      {
        "category": "general",
        "text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.\r\n\r\nCisco has confirmed that the following Cisco products that include a version of the ClamAV library are not affected by this vulnerability:\r\n\r\nEmail Security Appliance\r\nFirepower Threat Defense (FTD) Software\r\nSecure Email and Web Manager, formerly Security Management Appliance\r\nWeb Security Appliance",
        "title": "Products Confirmed Not Vulnerable"
      },
      {
        "category": "general",
        "text": "There are no workarounds that address this vulnerability.",
        "title": "Workarounds"
      },
      {
        "category": "general",
        "text": "For information about fixed software releases [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], consult the Cisco bugs identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories [\"https://www.cisco.com/go/psirt\"] page, to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
        "title": "Fixed Software"
      },
      {
        "category": "general",
        "text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
        "title": "Vulnerability Policy"
      },
      {
        "category": "general",
        "text": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
        "title": "Exploitation and Public Announcements"
      },
      {
        "category": "general",
        "text": "Cisco would like to thank Michal Dardas for reporting this vulnerability.",
        "title": "Source"
      },
      {
        "category": "legal_disclaimer",
        "text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
        "title": "Legal Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "Emergency Support:\r\n+1 877 228 7302 (toll-free within North America)\r\n+1 408 525 6532 (International direct-dial)\r\nNon-emergency Support:\r\nEmail: psirt@cisco.com\r\nSupport requests that are received via e-mail are typically acknowledged within 48 hours.",
      "issuing_authority": "Cisco product security incident response is the responsibility of the Cisco Product Security Incident Response Team (PSIRT). The Cisco PSIRT is a dedicated, global team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks. The on-call Cisco PSIRT works 24x7 with Cisco customers, independent security researchers, consultants, industry organizations, and other vendors to identify possible security issues with Cisco products and networks.\r\nMore information can be found in Cisco Security Vulnerability Policy available at https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
      "name": "Cisco",
      "namespace": "https://wwww.cisco.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
      },
      {
        "category": "external",
        "summary": "Cisco Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      },
      {
        "category": "external",
        "summary": "ClamAV blog",
        "url": "https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html"
      },
      {
        "category": "external",
        "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd",
        "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
      },
      {
        "category": "external",
        "summary": "Fixed Release Availability",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "CSCwa95108",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95108"
      },
      {
        "category": "external",
        "summary": "CSCwa95109",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95109"
      },
      {
        "category": "external",
        "summary": "CSCwa95110",
        "url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa95110"
      },
      {
        "category": "external",
        "summary": "Meet Cisco\u0026nbsp;Secure",
        "url": "https://www.cisco.com/c/en/us/products/security/secure-names.html"
      },
      {
        "category": "external",
        "summary": "fixed software releases",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "considering software upgrades",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
      },
      {
        "category": "external",
        "summary": "Cisco\u0026nbsp;Security Advisories",
        "url": "https://www.cisco.com/go/psirt"
      },
      {
        "category": "external",
        "summary": "Security Vulnerability Policy",
        "url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
      }
    ],
    "title": "ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
    "tracking": {
      "current_release_date": "2022-12-14T18:46:44+00:00",
      "generator": {
        "date": "2022-12-14T18:46:47+00:00",
        "engine": {
          "name": "TVCE"
        }
      },
      "id": "cisco-sa-clamav-dos-prVGcHLd",
      "initial_release_date": "2022-05-04T16:00:00+00:00",
      "revision_history": [
        {
          "date": "2022-05-04T15:47:14+00:00",
          "number": "1.0.0",
          "summary": "Initial public release."
        },
        {
          "date": "2022-05-04T20:36:46+00:00",
          "number": "1.1.0",
          "summary": "Corrected ClamAV release date and included direct link to ClamAV release."
        },
        {
          "date": "2022-12-14T18:46:44+00:00",
          "number": "1.2.0",
          "summary": "Removed references to an ongoing investigation and updated the advisory status to Final."
        }
      ],
      "status": "final",
      "version": "1.2.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Cisco AMP for Endpoints",
            "product": {
              "name": "Cisco AMP for Endpoints ",
              "product_id": "CSAFPID-221075"
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-20770",
      "ids": [
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwa95108"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwa95109"
        },
        {
          "system_name": "Cisco Bug ID",
          "text": "CSCwa95110"
        }
      ],
      "notes": [
        {
          "category": "other",
          "text": "Complete.",
          "title": "Affected Product Comprehensiveness"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-221075"
        ]
      },
      "release_date": "2022-05-04T16:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Cisco has released software updates that address this vulnerability.",
          "product_ids": [
            "CSAFPID-221075"
          ],
          "url": "https://software.cisco.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-221075"
          ]
        }
      ],
      "title": "Multiple Cisco Products ClamAV CHM File Parsing Denial of Service Vulnerability"
    }
  ]
}

gsd-2022-20770

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-20770

Aliases

CVE-2022-20770

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-20770",
    "description": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.",
    "id": "GSD-2022-20770",
    "references": [
      "https://security.archlinux.org/CVE-2022-20770",
      "https://advisories.mageia.org/CVE-2022-20770.html",
      "https://www.suse.com/security/cve/CVE-2022-20770.html",
      "https://ubuntu.com/security/CVE-2022-20770",
      "https://alas.aws.amazon.com/cve/html/CVE-2022-20770.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-20770"
      ],
      "details": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.",
      "id": "GSD-2022-20770",
      "modified": "2023-12-13T01:19:16.576148Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2022-05-04T23:00:00",
        "ID": "CVE-2022-20770",
        "STATE": "PUBLIC",
        "TITLE": "ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco AMP for Endpoints ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "8.6",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-399"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
          },
          {
            "name": "FEDORA-2022-b8691af27b",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
          },
          {
            "name": "FEDORA-2022-0ac71a8f3a",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
          },
          {
            "name": "FEDORA-2022-a910a41a17",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
          },
          {
            "name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
          },
          {
            "name": "GLSA-202310-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202310-01"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-clamav-dos-prVGcHLd",
        "defect": [
          [
            "CSCwa95108",
            "CSCwa95109",
            "CSCwa95110"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.103.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.104.2",
                "versionStartIncluding": "0.104.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.16.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.18.2",
                "versionStartIncluding": "1.18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.18.2",
                "versionStartIncluding": "1.18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.17.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2022-20770"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022",
              "refsource": "CISCO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
            },
            {
              "name": "FEDORA-2022-b8691af27b",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
            },
            {
              "name": "FEDORA-2022-0ac71a8f3a",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
            },
            {
              "name": "FEDORA-2022-a910a41a17",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
            },
            {
              "name": "[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
            },
            {
              "name": "GLSA-202310-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202310-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-10-01T11:15Z",
      "publishedDate": "2022-05-04T17:15Z"
    }
  }
}

fkie_cve-2022-20770

Vulnerability from fkie_nvd

Published

2022-05-04 17:15

Modified

2024-11-21 06:43

Severity ?

8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@cisco.com	https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html	Mailing List, Third Party Advisory
psirt@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
psirt@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
psirt@cisco.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
psirt@cisco.com	https://security.gentoo.org/glsa/202310-01
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202310-01
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd	Third Party Advisory

Impacted products

Vendor	Product	Version
clamav	clamav	*
clamav	clamav	*
cisco	secure_endpoint	*
cisco	secure_endpoint	*
cisco	secure_endpoint	*
cisco	secure_endpoint	*
cisco	secure_endpoint	*
fedoraproject	fedora	34
fedoraproject	fedora	35
fedoraproject	fedora	36
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "27ADFD65-7F57-461B-AD74-FF8F7950B5E1",
              "versionEndIncluding": "0.103.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEA3B921-70F0-455E-84F0-EA08498AEB4D",
              "versionEndIncluding": "0.104.2",
              "versionStartIncluding": "0.104.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "2D18B72E-A39C-4355-880C-D8F56F69DEC1",
              "versionEndExcluding": "1.16.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "7EB9082D-A730-4BC0-A7C3-FD41C9B90C62",
              "versionEndExcluding": "1.17.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "941865DD-D900-4FF7-B94B-8A4849653E01",
              "versionEndExcluding": "7.5.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E65C72-96CF-445D-9A4C-ED82ED79882E",
              "versionEndExcluding": "1.18.2",
              "versionStartIncluding": "1.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "30810C03-D9F9-4CD2-B276-11E9302F245C",
              "versionEndExcluding": "1.18.2",
              "versionStartIncluding": "1.18.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available."
    },
    {
      "lang": "es",
      "value": "El 20 de abril de 2022, fue divulgada la siguiente vulnerabilidad en ClamAV scanning library versiones 0.103.5 y anteriores y 0.104.2 y anteriores: Una vulnerabilidad en el analizador de archivos CHM de Clam AntiVirus (ClamAV) versiones 0.104.0 hasta 0.104.2 y LTS versi\u00f3n 0.103.5 y anteriores, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. Para una descripci\u00f3n de esta vulnerabilidad, vea el blog de ClamAV. Este aviso ser\u00e1 actualizado a medida que est\u00e9 disponible informaci\u00f3n adicional"
    }
  ],
  "id": "CVE-2022-20770",
  "lastModified": "2024-11-21T06:43:31.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-04T17:15:08.377",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://security.gentoo.org/glsa/202310-01"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202310-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-202205-0219

Vulnerability from variot

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ========================================================================== Ubuntu Security Notice USN-5423-2 May 17, 2022

clamav vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in ClamAV.

Software Description: - clamav: Anti-virus utility for Unix

Details:

USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20770)

Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. (CVE-2022-20771)

Michał Dardas discovered that ClamAV incorrectly handled parsing HTML files. A remote attacker could possibly use this issue to cause ClamAV to consume resources, resulting in a denial of service. (CVE-2022-20785)

Michał Dardas discovered that ClamAV incorrectly handled loading the signature database. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2022-20792)

Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly handled the scan verdict cache check. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-20796)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.16.04.1+esm1

Ubuntu 14.04 ESM: clamav 0.103.6+dfsg-0ubuntu0.14.04.1+esm1

This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.

References: https://ubuntu.com/security/notices/USN-5423-2 https://ubuntu.com/security/notices/USN-5423-1 CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01

                                       https://security.gentoo.org/

Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01

Synopsis

Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

Background

ClamAV is a GPL virus scanner.

Affected packages

Package Vulnerable Unaffected

app-antivirus/clamav < 0.103.7 >= 0.103.7

Description

Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7"

References

[ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202310-01

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-0219",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secure endpoint",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.16.3"
      },
      {
        "model": "clamav",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "clamav",
        "version": "0.103.5"
      },
      {
        "model": "secure endpoint",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "clamav",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "clamav",
        "version": "0.104.0"
      },
      {
        "model": "secure endpoint",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.17.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "clamav",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "clamav",
        "version": "0.104.2"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "36"
      },
      {
        "model": "secure endpoint",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.18.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "35"
      },
      {
        "model": "secure endpoint",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.18.2"
      },
      {
        "model": "gnu/linux",
        "scope": null,
        "trust": 0.8,
        "vendor": "debian",
        "version": null
      },
      {
        "model": "fedora",
        "scope": null,
        "trust": 0.8,
        "vendor": "fedora",
        "version": null
      },
      {
        "model": "cisco secure endpoint",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
        "version": null
      },
      {
        "model": "clamav",
        "scope": null,
        "trust": 0.8,
        "vendor": "clamav",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.103.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.104.2",
                "versionStartIncluding": "0.104.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.5.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.16.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.18.2",
                "versionStartIncluding": "1.18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.18.2",
                "versionStartIncluding": "1.18.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.17.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167211"
      },
      {
        "db": "PACKETSTORM",
        "id": "167199"
      }
    ],
    "trust": 0.2
  },
  "cve": "CVE-2022-20770",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-20770",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-405323",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-20770",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-20770",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2022-20770",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-2065",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-405323",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-20770",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-405323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. ClamAV Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats. There is a resource management error vulnerability in Clam AntiVirus, which can be used by attackers to implement denial of service attacks. ==========================================================================\nUbuntu Security Notice USN-5423-2\nMay 17, 2022\n\nclamav vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in ClamAV. \n\nSoftware Description:\n- clamav: Anti-virus utility for Unix\n\nDetails:\n\nUSN-5423-1 fixed several vulnerabilities in ClamAV. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing CHM files. \n A remote attacker could possibly use this issue to cause ClamAV to stop\n responding, resulting in a denial of service.  (CVE-2022-20770)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing TIFF\n files. A remote attacker could possibly use this issue to cause ClamAV to\n stop responding, resulting in a denial of service. (CVE-2022-20771)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled parsing HTML\n files. A remote attacker could possibly use this issue to cause ClamAV to\n consume resources, resulting in a denial of service. (CVE-2022-20785)\n\n Micha\u0142 Dardas discovered that ClamAV incorrectly handled loading the\n signature database. A remote attacker could possibly use this issue to\n cause ClamAV to crash, resulting in a denial of service, or possibly\n execute arbitrary code. (CVE-2022-20792)\n\n Alexander Patrakov and Antoine Gatineau discovered that ClamAV incorrectly\n handled the scan verdict cache check. A remote attacker could possibly use\n this issue to cause ClamAV to crash, resulting in a denial of service, or\n possibly execute arbitrary code.(CVE-2022-20796)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  clamav                          0.103.6+dfsg-0ubuntu0.16.04.1+esm1\n\nUbuntu 14.04 ESM:\n  clamav                          0.103.6+dfsg-0ubuntu0.14.04.1+esm1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n  https://ubuntu.com/security/notices/USN-5423-2\n  https://ubuntu.com/security/notices/USN-5423-1\n  CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792,\n  CVE-2022-20796\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202310-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: ClamAV: Multiple Vulnerabilities\n     Date: October 01, 2023\n     Bugs: #831083, #842813, #894672\n       ID: 202310-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ClamAV, the worst of\nwhich could result in remote code execution. \n\nBackground\n==========\n\nClamAV is a GPL virus scanner. \n\nAffected packages\n=================\n\nPackage               Vulnerable    Unaffected\n--------------------  ------------  ------------\napp-antivirus/clamav  \u003c 0.103.7     \u003e= 0.103.7\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ClamAV. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ClamAV users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=app-antivirus/clamav-0.103.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2022-20698\n      https://nvd.nist.gov/vuln/detail/CVE-2022-20698\n[ 2 ] CVE-2022-20770\n      https://nvd.nist.gov/vuln/detail/CVE-2022-20770\n[ 3 ] CVE-2022-20771\n      https://nvd.nist.gov/vuln/detail/CVE-2022-20771\n[ 4 ] CVE-2022-20785\n      https://nvd.nist.gov/vuln/detail/CVE-2022-20785\n[ 5 ] CVE-2022-20792\n      https://nvd.nist.gov/vuln/detail/CVE-2022-20792\n[ 6 ] CVE-2022-20796\n      https://nvd.nist.gov/vuln/detail/CVE-2022-20796\n[ 7 ] CVE-2022-20803\n      https://nvd.nist.gov/vuln/detail/CVE-2022-20803\n[ 8 ] CVE-2023-20032\n      https://nvd.nist.gov/vuln/detail/CVE-2023-20032\n[ 9 ] CVE-2023-20052\n      https://nvd.nist.gov/vuln/detail/CVE-2023-20052\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202310-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "VULHUB",
        "id": "VHN-405323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "db": "PACKETSTORM",
        "id": "167211"
      },
      {
        "db": "PACKETSTORM",
        "id": "167199"
      },
      {
        "db": "PACKETSTORM",
        "id": "174873"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-20770",
        "trust": 3.7
      },
      {
        "db": "PACKETSTORM",
        "id": "167199",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "167211",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2431",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2362",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2022.2784",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051836",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022051732",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2022050437",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-64261",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-405323",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-20770",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "174873",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-405323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "PACKETSTORM",
        "id": "167211"
      },
      {
        "db": "PACKETSTORM",
        "id": "167199"
      },
      {
        "db": "PACKETSTORM",
        "id": "174873"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "id": "VAR-202205-0219",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-405323"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T01:35:37.005000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "FEDORA-2022-0ac71a8f3a Cisco Systems Cisco\u00a0Security\u00a0Advisory",
        "trust": 0.8,
        "url": "https://www.clamav.net/"
      },
      {
        "title": "ClamAV Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=191379"
      },
      {
        "title": "Cisco: ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-clamav-dos-prvgchld"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2022-20770"
      },
      {
        "title": "Ubuntu Security Notice: USN-5423-1: ClamAV vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-1"
      },
      {
        "title": "Ubuntu Security Notice: USN-5423-2: ClamAV vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-5423-2"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2022-1621",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2022-1621"
      },
      {
        "title": "Amazon Linux 2022: ALAS2022-2022-090",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas2022-2022-090"
      },
      {
        "title": "Amazon Linux 2022: ALAS-2022-229",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2022\u0026qid=alas-2022-229"
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-23305 "
      },
      {
        "title": "CVE-2022-XXXX",
        "trust": 0.1,
        "url": "https://github.com/alphabugx/cve-2022-rce "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
      },
      {
        "trust": 1.8,
        "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202310-01"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20770"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/n4nnbijvg6z4pdikuzxtyxicyuayaz56/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bx5zxnhp4nfyq5bfsky3wt7ntbzuyg7l/"
      },
      {
        "trust": 0.7,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7rv6bliatije74sq6ng5zc4jk5mmdq2r/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022050437"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/clamav-multiple-vulnerabilities-38245"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051836"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-20770/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2362"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167199/ubuntu-security-notice-usn-5423-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2431"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/167211/ubuntu-security-notice-usn-5423-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2022.2784"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022051732"
      },
      {
        "trust": 0.3,
        "url": "https://ubuntu.com/security/notices/usn-5423-1"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20771"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20796"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20792"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20785"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-dos-prvgchld"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-5423-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.22.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.21.10.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.18.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/clamav/0.103.6+dfsg-0ubuntu0.20.04.1"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-20052"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20803"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-20032"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-20698"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-405323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "PACKETSTORM",
        "id": "167211"
      },
      {
        "db": "PACKETSTORM",
        "id": "167199"
      },
      {
        "db": "PACKETSTORM",
        "id": "174873"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-405323"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "db": "PACKETSTORM",
        "id": "167211"
      },
      {
        "db": "PACKETSTORM",
        "id": "167199"
      },
      {
        "db": "PACKETSTORM",
        "id": "174873"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-405323"
      },
      {
        "date": "2022-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "date": "2023-08-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "date": "2022-05-18T16:36:26",
        "db": "PACKETSTORM",
        "id": "167211"
      },
      {
        "date": "2022-05-17T17:12:26",
        "db": "PACKETSTORM",
        "id": "167199"
      },
      {
        "date": "2023-10-02T15:09:41",
        "db": "PACKETSTORM",
        "id": "174873"
      },
      {
        "date": "2022-05-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      },
      {
        "date": "2022-05-04T17:15:08.377000",
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-405323"
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-20770"
      },
      {
        "date": "2023-08-16T04:43:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      },
      {
        "date": "2022-06-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      },
      {
        "date": "2023-11-07T03:42:53.957000",
        "db": "NVD",
        "id": "CVE-2022-20770"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "167211"
      },
      {
        "db": "PACKETSTORM",
        "id": "167199"
      },
      {
        "db": "PACKETSTORM",
        "id": "174873"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ClamAV\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-010587"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-2065"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2022-20770

Vulnerability from cvelistv5

ghsa-5443-gj53-cw56

Vulnerability from github

cisco-sa-clamav-dos-prvgchld

Vulnerability from csaf_cisco

cisco-sa-clamav-dos-prVGcHLd

Vulnerability from csaf_cisco

gsd-2022-20770

Vulnerability from gsd

fkie_cve-2022-20770

Vulnerability from fkie_nvd

var-202205-0219

Vulnerability from variot

clamav vulnerabilities

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

Tags

Sightings

Nomenclature