CVE-2022-20770

2022-05-0417:15:08

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.011 Low

EPSS

Percentile

84.6%

JSON

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CPENameOperatorVersion
clamaveq0.99.4-r0
clamaveq0.96.5-r0
clamaveq0.97.4-r1
clamaveq0.99.1-r1
clamaveq0.96.1-r0
clamaveq0.102.0-r0
clamaveq0.99.2-r2
clamaveq0.97.1-r0
clamaveq0.99.3-r2
clamaveq0.98.4-r1

Name	Operator	Version
clamav	eq	0.99.4-r0
clamav	eq	0.96.5-r0
clamav	eq	0.97.4-r1
clamav	eq	0.99.1-r1
clamav	eq	0.96.1-r0
clamav	eq	0.102.0-r0
clamav	eq	0.99.2-r2
clamav	eq	0.97.1-r0
clamav	eq	0.99.3-r2
clamav	eq	0.98.4-r1