7.8
CVE-2022-20785
- EPSS 6.63%
- Veröffentlicht 04.05.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:43:33
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Secure Endpoint SwPlatformmacos Version < 1.16.3
Cisco ≫ Secure Endpoint SwPlatformlinux Version < 1.17.2
Cisco ≫ Secure Endpoint SwPlatformwindows Version < 7.5.5
Cisco ≫ Secure Endpoint SwPlatformlinux Version >= 1.18.0 < 1.18.2
Cisco ≫ Secure Endpoint SwPlatformmacos Version >= 1.18.0 < 1.18.2
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Fedoraproject ≫ Fedora Version36
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.63% | 0.93 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
| psirt@cisco.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://security.gentoo.org/glsa/202310-01
https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR