Vulnerability Details CVE-2022-20796
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.9
References
- https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
- https://security.gentoo.org/glsa/202310-01
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4
- https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
- https://security.gentoo.org/glsa/202310-01
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4
Products affected by CVE-2022-20796
-
cpe:2.3:a:cisco:secure_endpoint:-
-
cpe:2.3:a:cisco:secure_endpoint:1.18.0
-
cpe:2.3:a:cisco:secure_endpoint:1.18.1
-
cpe:2.3:a:cisco:secure_endpoint:6.0.7
-
cpe:2.3:a:cisco:secure_endpoint:6.0.9
-
cpe:2.3:a:cisco:secure_endpoint:6.1.5
-
cpe:2.3:a:cisco:secure_endpoint:6.1.7
-
cpe:2.3:a:cisco:secure_endpoint:6.1.9
-
cpe:2.3:a:cisco:secure_endpoint:6.2.1
-
cpe:2.3:a:cisco:secure_endpoint:6.2.19
-
cpe:2.3:a:cisco:secure_endpoint:6.2.3
-
cpe:2.3:a:cisco:secure_endpoint:6.2.5
-
cpe:2.3:a:cisco:secure_endpoint:6.2.9
-
cpe:2.3:a:cisco:secure_endpoint:6.3.1
-
cpe:2.3:a:cisco:secure_endpoint:6.3.3
-
cpe:2.3:a:cisco:secure_endpoint:6.3.5
-
cpe:2.3:a:cisco:secure_endpoint:6.3.7
-
cpe:2.3:a:cisco:secure_endpoint:7.0.5
-
cpe:2.3:a:cisco:secure_endpoint:7.1.1
-
cpe:2.3:a:cisco:secure_endpoint:7.1.5
-
cpe:2.3:a:cisco:secure_endpoint:7.2.11
-
cpe:2.3:a:cisco:secure_endpoint:7.2.13
-
cpe:2.3:a:cisco:secure_endpoint:7.2.3
-
cpe:2.3:a:cisco:secure_endpoint:7.2.5
-
cpe:2.3:a:cisco:secure_endpoint:7.2.7
-
cpe:2.3:a:cisco:secure_endpoint:7.3.1
-
cpe:2.3:a:cisco:secure_endpoint:7.3.3
-
cpe:2.3:a:cisco:secure_endpoint:7.3.5
-
cpe:2.3:a:cisco:secure_endpoint:7.3.9
-
cpe:2.3:a:clamav:clamav:0.103.4
-
cpe:2.3:a:clamav:clamav:0.103.5
-
cpe:2.3:a:clamav:clamav:0.104.1
-
cpe:2.3:a:clamav:clamav:0.104.2
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35
-
cpe:2.3:o:fedoraproject:fedora:36