CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
ciscoCNA
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
clamavclamav
𝑥
≤ 0.103.5
clamavclamav
0.104.0 ≤
𝑥
≤ 0.104.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
clamav
bullseye
0.103.10+dfsg-0+deb11u1
fixed
bookworm
1.0.5+dfsg-1~deb12u1
fixed
sid
1.4.1+dfsg-1
fixed
trixie
1.4.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clamav
kinetic
Fixed 0.103.6+dfsg-1ubuntu1
released
jammy
Fixed 0.103.6+dfsg-0ubuntu0.22.04.1
released
impish
Fixed 0.103.6+dfsg-0ubuntu0.21.10.1
released
focal
Fixed 0.103.6+dfsg-0ubuntu0.20.04.1
released
bionic
Fixed 0.103.6+dfsg-0ubuntu0.18.04.1
released
xenial
Fixed 0.103.6+dfsg-0ubuntu0.16.04.1+esm1
released
trusty
Fixed 0.103.6+dfsg-0ubuntu0.14.04.1+esm1
released
Common Weakness Enumeration
References
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
https://security.gentoo.org/glsa/202310-01
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
https://security.gentoo.org/glsa/202310-01