PT-2021-7008 · Clamav+5

Alexander Patrakov · Published 2021-11-02 · Updated 2024-06-15 · CVE-2022-20796

CVSS v3.1: 6.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ClamAV versions 0.103.5 and earlier
ClamAV versions 0.104.2 and earlier

Description

A vulnerability in Clam AntiVirus (ClamAV) could allow an authenticated, local attacker to cause a denial of service condition on an affected device. The issue is related to a null pointer dereference error when checking the scan verdict cache. Exploitation of the vulnerability may allow a remote attacker to send specially crafted data to the application and perform a denial of service (DoS) attack.

Recommendations

For ClamAV versions 0.103.5 and earlier, update to a version later than 0.103.5 to resolve the issue. For ClamAV versions 0.104.2 and earlier, update to a version later than 0.104.2 to resolve the issue. As a temporary workaround, consider restricting access to the ClamAV scanning library to minimize the risk of exploitation.

Fix

DoS

Improper Resource Release

Untrusted Pointer Dereference

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2022-1906
ALT-PU-2022-1924
ALT-PU-2022-1939
ALT-PU-2022-1945
AZL-9668
BDU:2022-02931
CVE-2022-20796
DLA-3042-1
MGASA-2022-0187
OPENSUSE-SU-2022_1644-1
OPENSUSE-SU-2024:12047-1
SUSE-SU-2022:1644-1
SUSE-SU-2022:1647-1
SUSE-SU-2022_1644-1
SUSE-SU-2022_1647-1
USN-5423-1
USN-5423-2

Affected Products

Alt Linux
Clamav
Linuxmint
Red Os
Suse
Ubuntu