Bug 2117383 (CVE-2022-20792) - CVE-2022-20792 ClamAV: Improper bounds checking leading to multi-byte heap buffer overflow write.
Summary: CVE-2022-20792 ClamAV: Improper bounds checking leading to multi-byte heap bu...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-20792
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-08-10 20:26 UTC by Zack Miele
Modified: 2022-08-16 14:07 UTC (History)
14 users (show)

Fixed In Version: ClamAV 0.105.0, ClamAV 0.104.3, ClamAV 0.103.6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-08-16 14:07:49 UTC


Attachments (Terms of Use)

Description Zack Miele 2022-08-10 20:26:01 UTC
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

Comment 1 Orion Poplawski 2022-08-14 04:34:07 UTC
FWIW - We are at 0.103.7 in Fedora and EPEL.


Note You need to log in before you can comment on or make changes to this bug.