CVE-2022-20792

Name of the Vulnerable Software and Affected Versions ClamAV versions 0.104.0 through 0.104.2 ClamAV LTS version 0.103.5 and prior versions

Description The issue is related to a heap buffer overflow due to improper bounds checking in the regex module used by the signature database load module. This could allow an authenticated, local attacker to crash ClamAV at database load time and possibly gain code execution. An attacker could exploit this by placing a crafted CDB ClamAV signature database file in the ClamAV database directory, potentially allowing them to run code as the clamav user.

Recommendations For ClamAV versions 0.104.0 through 0.104.2, consider updating to a version that includes the fix for this issue. For ClamAV LTS version 0.103.5 and prior versions, update to a newer version that includes the fix. As a temporary workaround, consider restricting access to the ClamAV database directory to prevent attackers from placing crafted signature database files. Avoid using the vulnerable regex module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.