CVE-2022-20792

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-20792
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-20792.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-20792
Related
Published
2022-08-10T09:15:08Z
Modified
2024-10-12T08:55:39.780839Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

References

Affected packages

Alpine:v3.12 / clamav

Package

Name
clamav
Purl
pkg:apk/alpine/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6-r0

Affected versions

0.*

0.94.2-r0
0.94.2-r1
0.94.2-r2
0.95.1-r0
0.95.1-r1
0.95.2-r0
0.95.2-r1
0.95.3-r0
0.95.3-r1
0.96-r0
0.96.1-r0
0.96.2-r0
0.96.3-r0
0.96.4-r0
0.96.5-r0
0.97-r0
0.97-r1
0.97-r2
0.97-r3
0.97-r4
0.97.1-r0
0.97.2-r0
0.97.3-r0
0.97.3-r1
0.97.3-r2
0.97.3-r3
0.97.4-r0
0.97.4-r1
0.97.4-r2
0.97.5-r0
0.97.6-r0
0.97.6-r1
0.97.7-r0
0.97.8-r0
0.97.8-r1
0.97.8-r2
0.98-r0
0.98-r1
0.98.1-r0
0.98.1-r1
0.98.1-r2
0.98.3-r0
0.98.4-r0
0.98.4-r1
0.98.5-r0
0.98.6-r0
0.98.6-r1
0.98.6-r2
0.98.7-r0
0.98.7-r1
0.98.7-r2
0.99-r0
0.99-r1
0.99-r2
0.99-r3
0.99.1-r0
0.99.1-r1
0.99.1-r2
0.99.2-r0
0.99.2-r1
0.99.2-r2
0.99.2-r3
0.99.2-r4
0.99.2-r5
0.99.2-r6
0.99.3-r1
0.99.3-r2
0.99.3-r3
0.99.4-r0
0.99.4-r1
0.100.0-r0
0.100.0-r1
0.100.0-r2
0.100.1-r0
0.100.1-r1
0.100.2-r0
0.100.3-r0
0.101.4-r0
0.101.4-r1
0.102.0-r0
0.102.1-r0
0.102.2-r0
0.102.3-r0
0.102.4-r0
0.102.4-r1
0.103.2-r0

Alpine:v3.13 / clamav

Package

Name
clamav
Purl
pkg:apk/alpine/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6-r0

Affected versions

0.*

0.94.2-r0
0.94.2-r1
0.94.2-r2
0.95.1-r0
0.95.1-r1
0.95.2-r0
0.95.2-r1
0.95.3-r0
0.95.3-r1
0.96-r0
0.96.1-r0
0.96.2-r0
0.96.3-r0
0.96.4-r0
0.96.5-r0
0.97-r0
0.97-r1
0.97-r2
0.97-r3
0.97-r4
0.97.1-r0
0.97.2-r0
0.97.3-r0
0.97.3-r1
0.97.3-r2
0.97.3-r3
0.97.4-r0
0.97.4-r1
0.97.4-r2
0.97.5-r0
0.97.6-r0
0.97.6-r1
0.97.7-r0
0.97.8-r0
0.97.8-r1
0.97.8-r2
0.98-r0
0.98-r1
0.98.1-r0
0.98.1-r1
0.98.1-r2
0.98.3-r0
0.98.4-r0
0.98.4-r1
0.98.5-r0
0.98.6-r0
0.98.6-r1
0.98.6-r2
0.98.7-r0
0.98.7-r1
0.98.7-r2
0.99-r0
0.99-r1
0.99-r2
0.99-r3
0.99.1-r0
0.99.1-r1
0.99.1-r2
0.99.2-r0
0.99.2-r1
0.99.2-r2
0.99.2-r3
0.99.2-r4
0.99.2-r5
0.99.2-r6
0.99.3-r1
0.99.3-r2
0.99.3-r3
0.99.4-r0
0.99.4-r1
0.100.0-r0
0.100.0-r1
0.100.0-r2
0.100.1-r0
0.100.1-r1
0.100.2-r0
0.100.3-r0
0.101.4-r0
0.101.4-r1
0.102.0-r0
0.102.1-r0
0.102.2-r0
0.102.3-r0
0.102.4-r0
0.102.4-r1
0.102.4-r2
0.103.0-r0
0.103.0-r1
0.103.1-r0
0.103.2-r0

Debian:11 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6+dfsg-0+deb11u1

Affected versions

0.*

0.103.2+dfsg-2
0.103.3+dfsg-0+deb11u1
0.103.3+dfsg-1
0.103.4+dfsg-0+deb11u1
0.103.4+dfsg-1
0.103.5+dfsg-0+deb11u1
0.103.5+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / clamav

Package

Name
clamav
Purl
pkg:deb/debian/clamav?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/cisco-talos/clamav

Affected ranges

Type
GIT
Repo
https://github.com/cisco-talos/clamav
Events

Affected versions

clamav-0.*

clamav-0.104.0
clamav-0.104.1
clamav-0.104.2