Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2285
HistoryOct 31, 2023 - 2:07 p.m.

Advisory ROSA-SA-2023-2285

2023-10-3114:07:18
ROSA LAB
abf.rosalinux.ru
4
clamav 0.103.8
vulnerability
input validation
denial of service
remote attack
cve-2022-20698
cve-2022-20785
resolved
memory release errors
html files
cisco amp

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.017 Low

EPSS

Percentile

87.5%

JSON

software: clamav 0.103.8
WASP: ROSA-CHROME

package_evr_string: clamav-0.103.8-1.src.rpm

CVE-ID: CVE-2022-20698
BDU-ID: 2022-00587
CVE-Crit: MEDIUM.
CVE-DESC.: A vulnerability in the Clam AntiVirus software package is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial of service by sending a specially generated OOXML file
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update clamav

CVE-ID: CVE-2022-20785
BDU-ID: 2022-02932
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the scanning library of the ClamAV antivirus suite and Cisco AMP endpoint malware protection tool is related to memory release errors in the parsing of HTML files. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update clamav

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchclamav< 0.103.8UNKNOWN

Related

nessus 20
redhatcve 1
cbl_mariner 3
debiancve 2
cisco 1
prion 2
veracode 2
cve 2
ubuntucve 2
osv 7
alpinelinux 2
cnvd 2
suse 2
altlinux 6
ubuntu 4
redos 2
freebsd 2
mageia 2
openvas 18
gentoo 1
amazon 1
fedora 3
debian 1
nessus
nessus
Amazon Linux 2022 : clamav (ALAS2022-2022-229)
2023-01-04 00:00:00
Amazon Linux 2022 : (ALAS2022-2022-090)
2022-09-07 00:00:00
SUSE SLES12 Security Update : clamav (SUSE-SU-2022:0358-1)
2022-02-10 00:00:00
redhatcve
redhatcve
CVE-2022-20785
2022-05-21 00:23:42
cbl_mariner
cbl_mariner
CVE-2022-20785 affecting package clamav 0.103.5-1
2022-06-15 17:03:10
CVE-2022-20698 affecting package clamav 0.103.2-1
2022-03-10 23:47:31
CVE-2022-20698 affecting package clamav for versions less than 0.104.2-1
2022-04-09 06:51:55
debiancve
debiancve
CVE-2022-20785
2022-05-04 17:15:00
CVE-2022-20698
2022-01-14 06:15:00
cisco
cisco
ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022
2022-05-04 16:00:00
prion
prion
Design/Logic Flaw
2022-05-04 17:15:00
Input validation
2022-01-14 06:15:00
veracode
veracode
Denial Of Service (DoS)
2022-05-15 16:52:08
Denial Of Service (DoS)
2022-01-15 23:40:11
cve
cve
CVE-2022-20785
2022-05-04 17:15:00
CVE-2022-20698
2022-01-14 06:15:00
ubuntucve
ubuntucve
CVE-2022-20785
2022-05-04 00:00:00
CVE-2022-20698
2022-01-13 00:00:00
osv
osv
CVE-2022-20785
2022-05-04 17:15:08
clamav vulnerability
2022-01-19 12:42:55
CVE-2022-20698
2022-01-14 06:15:09
alpinelinux
alpinelinux
CVE-2022-20785
2022-05-04 17:15:00
CVE-2022-20698
2022-01-14 06:15:00
cnvd
cnvd
Clam AntiVirus Memory Leak Vulnerability
2022-05-07 00:00:00
Clam AntiVirus Input Validation Error Vulnerability (CNVD-2022-64263)
2022-01-17 00:00:00
suse
suse
Security update for clamav (important)
2022-02-18 00:00:00
Security update for clamav (important)
2022-05-12 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package clamav version 0.103.5-alt1
2022-02-01 00:00:00
Security fix for the ALT Linux 9 package clamav version 0.103.5-alt1
2022-01-25 00:00:00
Security fix for the ALT Linux 10 package clamav version 0.103.5-alt1
2022-01-21 00:00:00
ubuntu
ubuntu
ClamAV vulnerability
2022-01-18 00:00:00
ClamAV vulnerability
2022-01-19 00:00:00
ClamAV vulnerabilities
2022-05-17 00:00:00
redos
redos
ROS-20220125-03
2022-01-25 00:00:00
ROS-20220608-01
2022-06-08 00:00:00
freebsd
freebsd
clamav -- invalid pointer read that may cause a crash
2022-01-12 00:00:00
clamav -- Multiple vulnerabilities
2022-05-04 00:00:00
mageia
mageia
Updated clamav packages fix security vulnerability
2022-01-18 22:29:46
Updated clamav packages fix security vulnerability
2022-05-15 13:06:40
openvas
openvas
openSUSE: Security Advisory for clamav (openSUSE-SU-2022:0493-1)
2022-02-22 00:00:00
Ubuntu: Security Advisory (USN-5233-1)
2022-01-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:14882-1)
2022-01-28 00:00:00
gentoo
gentoo
ClamAV: Multiple Vulnerabilities
2023-10-01 00:00:00
amazon
amazon
Important: clamav
2022-07-28 20:34:00
fedora
fedora
[SECURITY] Fedora 34 Update: clamav-0.103.6-1.fc34
2022-05-16 01:45:20
[SECURITY] Fedora 35 Update: clamav-0.103.6-1.fc35
2022-05-16 02:07:04
[SECURITY] Fedora 36 Update: clamav-0.103.6-1.fc36
2022-05-16 01:09:27
debian
debian
[SECURITY] [DLA 3042-1] clamav security update
2022-06-03 16:55:36

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.017 Low

EPSS

Percentile

87.5%

JSON
Related for ROSA-SA-2023-2285
nessus20redhatcve1cbl_mariner3debiancve2cisco1prion2veracode2cve2ubuntucve2osv7alpinelinux2cnvd2suse2altlinux6ubuntu4redos2freebsd2mageia2openvas18gentoo1amazon1fedora3debian1