Уязвимость CVE-2022-20785: Информация
Описание
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Исправленные пакеты
Имя пакета | Ветка | Исправлено в версии | Версия в репозитории | Errata ID | № Задания | Состояние |
---|---|---|---|---|---|---|
clamav | sisyphus | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1906-1 | 300260 | Исправлено |
clamav | sisyphus_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5026-1 | - | Исправлено |
clamav | sisyphus_riscv64 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5013-1 | - | Исправлено |
clamav | p10 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1924-1 | 300259 | Исправлено |
clamav | p10_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5046-1 | - | Исправлено |
clamav | p9 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1939-1 | 300475 | Исправлено |
clamav | p9_e2k | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-5185-1 | - | Исправлено |
clamav | p8 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1943-1 | 300477 | Исправлено |
clamav | c10f1 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1924-1 | 300259 | Исправлено |
clamav | c9f2 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1945-1 | 300429 | Исправлено |
clamav | p11 | 0.103.6-alt1 | 0.103.8-alt1 | ALT-PU-2022-1906-1 | 300260 | Исправлено |
Ссылки на рекомендации, решения и инструменты
Ссылка | Ресурс |
---|---|
20220504 ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022 |
|
GLSA-202310-01 | |
[debian-lts-announce] 20220603 [SECURITY] [DLA 3042-1] clamav security update |
|
FEDORA-2022-b8691af27b | |
FEDORA-2022-0ac71a8f3a | |
FEDORA-2022-a910a41a17 |