CVE-2022-20792Out-of-bounds Read in Cisco Clam Antivirus

CWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write7 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 65.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Clam AntivirusClamav
Timeline
PublishedAug 10
Latest updateAug 11

Description

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Debianclamav/clamav< 0.103.6+dfsg-0+deb11u1+3
NVDclamav/clamav0.104.00.104.2+1
CVEListV5cisco/clam_antivirus0.104.0unspecified+2

🔴Vulnerability Details

3
GHSA
GHSA-c59m-xfxc-m38p: A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 02022-08-11
CVEList
CVE-2022-20792: A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 02022-08-10
OSV
CVE-2022-20792: A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 02022-08-10

📋Vendor Advisories

3
Ubuntu
ClamAV vulnerabilities2022-05-17
Ubuntu
ClamAV vulnerabilities2022-05-17
Debian
CVE-2022-20792: clamav - A vulnerability in the regex module used by the signature database load module o...2022
CVE-2022-20792 — Out-of-bounds Read in Cisco | cvebase