ID CVE-2022-20770
Summary On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
References
Vulnerable Configurations
  • cpe:2.3:a:clamav:clamav:-:*:*:*:lts:*:*:*
  • cpe:2.3:a:clamav:clamav:0.103.0:*:*:*:lts:*:*:*
  • cpe:2.3:a:clamav:clamav:0.103.1:*:*:*:lts:*:*:*
  • cpe:2.3:a:clamav:clamav:0.103.2:*:*:*:lts:*:*:*
  • cpe:2.3:a:clamav:clamav:0.103.3:*:*:*:lts:*:*:*
  • cpe:2.3:a:clamav:clamav:0.103.4:*:*:*:lts:*:*:*
  • cpe:2.3:a:clamav:clamav:0.103.5:*:*:*:lts:*:*:*
  • cpe:2.3:a:clamav:clamav:0.104.0:-:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.104.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.104.1:*:*:*:*:*:*:*
  • cpe:2.3:a:clamav:clamav:0.104.2:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:windows:*:*
  • cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:macos:*:*
  • cpe:2.3:a:cisco:secure_endpoint:1.18.0:*:*:*:*:macos:*:*
  • cpe:2.3:a:cisco:secure_endpoint:1.18.1:*:*:*:*:macos:*:*
  • cpe:2.3:a:cisco:secure_endpoint:1.18.0:*:*:*:*:linux:*:*
  • cpe:2.3:a:cisco:secure_endpoint:1.18.1:*:*:*:*:linux:*:*
  • cpe:2.3:a:cisco:secure_endpoint:-:*:*:*:*:linux:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 7.8 (as of 01-10-2023 - 11:15)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
Last major update 01-10-2023 - 11:15
Published 04-05-2022 - 17:15
Last modified 01-10-2023 - 11:15