PT-2022-2519 · Clamav+5 · Clamav+5

Michal Dardas

Published

2022-04-20

Updated

2024-06-15

CVE-2022-20770

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions ClamAV versions 0.103.5 and earlier ClamAV versions 0.104.0 through 0.104.2

Description A vulnerability in the CHM file parser of Clam AntiVirus could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is related to errors in resource management during CHM file parsing, which may lead to a denial of service condition. Exploitation of the vulnerability may allow a remote attacker to consume all available system resources, causing a denial of service.

Recommendations For ClamAV versions 0.103.5 and earlier, update to a version later than 0.103.5. For ClamAV versions 0.104.0 through 0.104.2, update to a version later than 0.104.2. As a temporary workaround, consider disabling the CHM file parser until a patch is available. Restrict access to the CHM file parser to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2022-1906

ALT-PU-2022-1924

ALT-PU-2022-1939

ALT-PU-2022-1945

AZL-9666

BDU:2022-02934

CVE-2022-20770

DLA-3042-1

MGASA-2022-0187

OESA-2022-1683

OPENSUSE-SU-2022_1644-1

OPENSUSE-SU-2024:12047-1

SUSE-SU-2022:1644-1

SUSE-SU-2022:1647-1

SUSE-SU-2022_1644-1

SUSE-SU-2022_1647-1

USN-5423-1

USN-5423-2

Affected Products

Alt Linux

Clamav

Linuxmint

Red Os

Suse

Ubuntu

PT-2022-2519 · Clamav+5 · Clamav+5

CVE-2022-20770

Weakness Enumeration

Related Identifiers

Affected Products

References · 66