CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 7.8 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS: 0.017 Low
Percentile: 87.5%

Issue Overview:
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20770)
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20771)
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. (CVE-2022-20785)
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. (CVE-2022-20796)
Affected Packages:
clamav
Issue Correction:
Run `yum update clamav` to update your system.
New Packages:
i686:
clamav-0.103.6-1.49.amzn1.i686
clamav-db-0.103.6-1.49.amzn1.i686
clamav-lib-0.103.6-1.49.amzn1.i686
clamav-debuginfo-0.103.6-1.49.amzn1.i686
clamav-devel-0.103.6-1.49.amzn1.i686
clamav-update-0.103.6-1.49.amzn1.i686
clamav-milter-0.103.6-1.49.amzn1.i686
clamd-0.103.6-1.49.amzn1.i686
noarch:
clamav-filesystem-0.103.6-1.49.amzn1.noarch
clamav-data-0.103.6-1.49.amzn1.noarch
src:
clamav-0.103.6-1.49.amzn1.src
x86_64:
clamav-milter-0.103.6-1.49.amzn1.x86_64
clamav-update-0.103.6-1.49.amzn1.x86_64
clamd-0.103.6-1.49.amzn1.x86_64
clamav-0.103.6-1.49.amzn1.x86_64
clamav-db-0.103.6-1.49.amzn1.x86_64
clamav-debuginfo-0.103.6-1.49.amzn1.x86_64
clamav-devel-0.103.6-1.49.amzn1.x86_64
clamav-lib-0.103.6-1.49.amzn1.x86_64
Red Hat: CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20796
Mitre: CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20796
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | clamav | < 0.103.6-1.49.amzn1 | clamav-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-db | < 0.103.6-1.49.amzn1 | clamav-db-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-lib | < 0.103.6-1.49.amzn1 | clamav-lib-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-debuginfo | < 0.103.6-1.49.amzn1 | clamav-debuginfo-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-devel | < 0.103.6-1.49.amzn1 | clamav-devel-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-update | < 0.103.6-1.49.amzn1 | clamav-update-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamav-milter | < 0.103.6-1.49.amzn1 | clamav-milter-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | clamd | < 0.103.6-1.49.amzn1 | clamd-0.103.6-1.49.amzn1.i686.rpm |
Amazon Linux | 1 | noarch | clamav-filesystem | < 0.103.6-1.49.amzn1 | clamav-filesystem-0.103.6-1.49.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | clamav-data | < 0.103.6-1.49.amzn1 | clamav-data-0.103.6-1.49.amzn1.noarch.rpm |
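
The table's "< 0.103.6-1.49.amzn1" condition can be checked against a host's package inventory. The following is an added example, not part of the original advisory: it compares installed builds with the fixed build using an rpm-style segment comparison. The function names and the sample inventory are constructed for illustration, and equal epochs are assumed.

```python
import re

# Fixed version-release and package names, taken from the advisory table.
FIXED = "0.103.6-1.49.amzn1"
PACKAGES = {"clamav", "clamav-db", "clamav-lib", "clamav-debuginfo",
            "clamav-devel", "clamav-update", "clamav-milter", "clamd",
            "clamav-filesystem", "clamav-data"}

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of rpm (tilde/caret rules omitted)."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric: 10 > 6, unlike string order
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def below_fixed(installed, fixed=FIXED):
    """True if installed 'version-release' sorts before the fixed one (same epoch assumed)."""
    iv, _, ir = installed.rpartition("-")
    fv, _, fr = fixed.rpartition("-")
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0

def unpatched(rpm_output):
    """Return affected package names still below the fixed build."""
    hits = []
    for line in rpm_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in PACKAGES and below_fixed(fields[1]):
            hits.append(fields[0])
    return hits

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
clamav 0.103.5-1.48.amzn1
clamav-lib 0.103.6-1.49.amzn1
clamd 0.103.10-1.50.amzn1
clamav-update 0.103.6-1.9.amzn1
openssl 1.0.2k-16.150.amzn1
"""

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

A plain string comparison would misjudge the constructed `0.103.10` and `1.9` entries, which is why the segments are compared numerically.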