On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*",
"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*",
"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*"
],
"source": "CPE_RANGE",
"extracted_events": [
{
"fixed": "1.16.3"
},
{
"fixed": "1.17.2"
},
{
"fixed": "7.5.5"
},
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.2"
},
{
"introduced": "1.18.0"
},
{
"fixed": "1.18.2"
}
],
"vendor_product": "cisco:secure_endpoint"
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"vendor_product": "debian:debian_linux"
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "34"
},
{
"last_affected": "34"
},
{
"introduced": "35"
},
{
"last_affected": "35"
},
{
"introduced": "36"
},
{
"last_affected": "36"
}
],
"vendor_product": "fedoraproject:fedora"
}
]
}{
"cpe": [
"cpe:2.3:a:clamav:clamav:0.103.4:*:*:*:*:*:*:*",
"cpe:2.3:a:clamav:clamav:0.103.5:*:*:*:*:*:*:*",
"cpe:2.3:a:clamav:clamav:0.104.1:*:*:*:*:*:*:*",
"cpe:2.3:a:clamav:clamav:0.104.2:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"extracted_events": [
{
"introduced": "0.103.4"
},
{
"last_affected": "0.103.4"
},
{
"introduced": "0.103.5"
},
{
"last_affected": "0.103.5"
},
{
"introduced": "0.104.1"
},
{
"last_affected": "0.104.1"
},
{
"introduced": "0.104.2"
},
{
"last_affected": "0.104.2"
}
]
}