Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20220608-01
HistoryJun 08, 2022 - 12:00 a.m.

ROS-20220608-01

2022-06-0800:00:00
redos.red-soft.ru
22

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.017 Low

EPSS

Percentile

87.7%

JSON

The vulnerability of the ClamAV antivirus software package is related to a boundary error in the module of database loading
signatures. Exploitation of the vulnerability could allow an attacker acting remotely to transfer specially crafted data to an application, cause a buffer overflow in dynamic memory, and execute arbitrary operations.
specially crafted data, cause a buffer overflow in dynamic memory, and execute arbitrary
code on the target system

The vulnerability in the ClamAV antivirus software package is related to a bounds error in the file parser of the
OLE2. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially
a specially crafted file to an application, cause a release error, and execute arbitrary code on the target system

A vulnerability in the ClamAV antivirus software package is related to an infinite loop in the TIFF file analyzer.
Exploitation of the vulnerability could allow an attacker acting remotely to consume all available
system resources and cause denial of service conditions

A vulnerability in the ClamAV antivirus software package is related to a memory leak in HTML file parsing. Exploitation
exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTML file to the antivirus software.
a specially crafted HTML file to antivirus software, cause a memory leak, and execute a denial-of-service attack.
denial of service

A vulnerability in the ClamAV antivirus software package is related to an infinite loop in the CHM file analyzer.
Exploitation of the vulnerability could allow an attacker acting remotely to consume all available
system resources and cause denial of service conditions

A vulnerability in the ClamAV antivirus software package is related to a NULL pointer dereferencing error in the scan verdict cache.
scan verdict cache. Exploitation of the vulnerability could allow an attacker acting remotely,
transmit specially crafted data to an application and perform a denial-of-service (DoS) attack

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64clamav<= 0.103.6-1UNKNOWN

Related

freebsd 1
nessus 15
debian 1
osv 9
openvas 10
suse 1
ubuntu 2
mageia 1
altlinux 3
fedora 3
amazon 1
gentoo 1
nvd 6
debiancve 6
cve 6
alpinelinux 5
prion 6
ubuntucve 6
redhatcve 2
cisco 4
cbl_mariner 7
cvelist 6
cnvd 4
veracode 5
rosalinux 1
freebsd
freebsd
clamav -- Multiple vulnerabilities
2022-05-04 00:00:00
nessus
nessus
FreeBSD : clamav -- Multiple vulnerabilities (b2407db1-d79f-11ec-a15f-589cfc0f81b0)
2022-05-20 00:00:00
SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2022:1644-1)
2022-05-13 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : ClamAV vulnerabilities (USN-5423-1)
2022-05-17 00:00:00
debian
debian
[SECURITY] [DLA 3042-1] clamav security update
2022-06-03 16:55:36
osv
osv
clamav vulnerabilities
2022-05-17 11:35:36
clamav vulnerabilities
2022-05-17 15:36:09
clamav - security update
2022-06-03 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3042-1)
2022-06-04 00:00:00
Mageia: Security Advisory (MGASA-2022-0187)
2022-05-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1647-1)
2022-05-13 00:00:00
suse
suse
Security update for clamav (important)
2022-05-12 00:00:00
ubuntu
ubuntu
ClamAV vulnerabilities
2022-05-17 00:00:00
ClamAV vulnerabilities
2022-05-17 00:00:00
mageia
mageia
Updated clamav packages fix security vulnerability
2022-05-15 13:06:40
altlinux
altlinux
Security fix for the ALT Linux 8 package clamav version 0.103.6-alt1
2022-05-25 00:00:00
Security fix for the ALT Linux 10 package clamav version 0.103.6-alt1
2022-05-23 00:00:00
Security fix for the ALT Linux 9 package clamav version 0.103.6-alt1
2022-05-24 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: clamav-0.103.6-1.fc34
2022-05-16 01:45:20
[SECURITY] Fedora 35 Update: clamav-0.103.6-1.fc35
2022-05-16 02:07:04
[SECURITY] Fedora 36 Update: clamav-0.103.6-1.fc36
2022-05-16 01:09:27
amazon
amazon
Important: clamav
2022-07-28 20:34:00
gentoo
gentoo
ClamAV: Multiple Vulnerabilities
2023-10-01 00:00:00
nvd
nvd
CVE-2022-20803
2023-02-17 18:15:11
CVE-2022-20792
2022-08-10 09:15:08
CVE-2022-20785
2022-05-04 17:15:08
debiancve
debiancve
CVE-2022-20803
2023-02-17 18:15:11
CVE-2022-20785
2022-05-04 17:15:08
CVE-2022-20771
2022-05-04 17:15:08
cve
cve
CVE-2022-20792
2022-08-10 09:15:08
CVE-2022-20803
2023-02-17 18:15:11
CVE-2022-20770
2022-05-04 17:15:08
alpinelinux
alpinelinux
CVE-2022-20771
2022-05-04 17:15:08
CVE-2022-20785
2022-05-04 17:15:08
CVE-2022-20792
2022-08-10 09:15:08
prion
prion
Design/Logic Flaw
2022-05-04 17:15:00
Double free
2023-02-17 18:15:00
Design/Logic Flaw
2022-05-04 17:15:00
ubuntucve
ubuntucve
CVE-2022-20770
2022-05-04 00:00:00
CVE-2022-20803
2023-02-17 00:00:00
CVE-2022-20771
2022-05-04 00:00:00
redhatcve
redhatcve
CVE-2022-20785
2022-05-21 00:23:42
CVE-2022-20796
2022-05-20 23:01:09
cisco
cisco
ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022
2022-05-04 16:00:00
ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022
2022-05-04 16:00:00
ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: May 2022
2022-05-04 16:00:00
cbl_mariner
cbl_mariner
CVE-2022-20785 affecting package clamav 0.103.5-1
2022-06-15 17:03:10
CVE-2022-20796 affecting package clamav 0.103.5-1
2022-06-15 17:03:10
CVE-2022-20771 affecting package clamav for versions less than 0.105.0-1
2022-07-01 21:02:47
cvelist
cvelist
CVE-2022-20803 ClamAV Double-free Vulnerability in the OLE2 File Parser
2023-02-17 00:00:00
CVE-2022-20771 ClamAV TIFF File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
2022-05-04 00:00:00
CVE-2022-20770 ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022
2022-05-04 00:00:00
cnvd
cnvd
Clam AntiVirus Resource Management Error Vulnerability
2022-05-07 00:00:00
Clam AntiVirus Memory Leak Vulnerability
2022-05-07 00:00:00
Clam AntiVirus Resource Management Error Vulnerability (CNVD-2022-64261)
2022-05-07 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-05-15 17:03:31
Denial Of Service (DoS)
2022-05-15 17:03:32
Denial Of Service (DoS)
2022-05-15 16:52:34
rosalinux
rosalinux
Advisory ROSA-SA-2023-2285
2023-10-31 14:07:18

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.017 Low

EPSS

Percentile

87.7%

JSON
Related for ROS-20220608-01
freebsd1nessus15debian1osv9openvas10suse1ubuntu2mageia1altlinux3fedora3amazon1gentoo1nvd6debiancve6cve6alpinelinux5prion6ubuntucve6redhatcve2cisco4cbl_mariner7cvelist6cnvd4veracode5rosalinux1