2117383 – (CVE-2022-20792) CVE-2022-20792 ClamAV: Improper bounds checking leading to multi-byte heap buffer overflow write.

Bug 2117383 (CVE-2022-20792) - CVE-2022-20792 ClamAV: Improper bounds checking leading to multi-byte heap buffer overflow write.

Summary: CVE-2022-20792 ClamAV: Improper bounds checking leading to multi-byte heap bu...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2022-20792
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-08-10 20:26 UTC by Zack Miele
Modified:	2022-08-16 14:07 UTC (History)
CC List:	14 users (show)
Fixed In Version:	ClamAV 0.105.0, ClamAV 0.104.3, ClamAV 0.103.6
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-08-16 14:07:49 UTC
Embargoed:

Attachments	(Terms of Use)

Description Zack Miele 2022-08-10 20:26:01 UTC

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

Comment 1 Orion Poplawski 2022-08-14 04:34:07 UTC

FWIW - We are at 0.103.7 in Fedora and EPEL.

Note You need to log in before you can comment on or make changes to this bug.