Vulnerability CVE-2022-20770: Information
Description
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
clamav | sisyphus | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1906-1 | 300260 | Fixed |
clamav | sisyphus_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5026-1 | - | Fixed |
clamav | sisyphus_riscv64 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5013-1 | - | Fixed |
clamav | p10 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1924-1 | 300259 | Fixed |
clamav | p10_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5046-1 | - | Fixed |
clamav | p9 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1939-1 | 300475 | Fixed |
clamav | p9_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5185-1 | - | Fixed |
clamav | p8 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1943-1 | 300477 | Fixed |
clamav | c10f1 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1924-1 | 300259 | Fixed |
clamav | c9f2 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1945-1 | 300429 | Fixed |
clamav | p11 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1906-1 | 300260 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
20220504 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022 | |
[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update | |
GLSA-202310-01 | |
FEDORA-2022-b8691af27b | |
FEDORA-2022-0ac71a8f3a | |
FEDORA-2022-a910a41a17 | |