CVE-2022-20770

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

01 Jul 2022, 18:08

Type Values Removed Values Added
First Time Fedoraproject
Debian debian Linux
Debian
Fedoraproject fedora
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/ - Mailing List, Third Party Advisory

03 Jun 2022, 20:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html -

16 May 2022, 04:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/ -

12 May 2022, 19:35

Type Values Removed Values Added
References (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd - (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd - Third Party Advisory
CPE cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
cpe:2.3:a:clamav:clamav:*:*:*:*:lts:*:*:*
First Time Cisco secure Endpoint
Cisco
Clamav clamav
Clamav
CVSS v2 : unknown
v3 : unknown
v2 : 7.8
v3 : 7.5
CWE NVD-CWE-noinfo

04 May 2022, 18:15

Type Values Removed Values Added
Summary On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

04 May 2022, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-04 17:15

Updated : 2022-07-01 18:08


NVD link : CVE-2022-20770

Mitre link : CVE-2022-20770


JSON object : View

Products Affected

fedoraproject

  • fedora

clamav

  • clamav

debian

  • debian_linux

cisco

  • secure_endpoint