Vulnerability CVE-2022-20796: Information
Description
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
clamav | sisyphus | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1906-1 | 300260 | Fixed |
clamav | sisyphus_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5026-1 | - | Fixed |
clamav | sisyphus_riscv64 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5013-1 | - | Fixed |
clamav | p10 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1924-1 | 300259 | Fixed |
clamav | p10_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5046-1 | - | Fixed |
clamav | p9 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1939-1 | 300475 | Fixed |
clamav | p9_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5185-1 | - | Fixed |
clamav | p8 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1943-1 | 300477 | Fixed |
clamav | c10f1 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1924-1 | 300259 | Fixed |
clamav | c9f2 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1945-1 | 300429 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
20220504 ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022 |
|
[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update |
|
GLSA-202310-01 | |
FEDORA-2022-b8691af27b | |
FEDORA-2022-0ac71a8f3a | |
FEDORA-2022-a910a41a17 |