Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-20803

Опубликовано: 17 фев. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 8.6

Описание

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

РелизСтатусПримечание
bionic

not-affected

devel

not-affected

esm-infra-legacy/trusty

not-affected

esm-infra/bionic

not-affected

esm-infra/focal

not-affected

esm-infra/xenial

not-affected

focal

not-affected

impish

not-affected

jammy

not-affected

trusty/esm

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 39%
0.00172
Низкий

8.6 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2022-20803

CVSS3: 8.6
nvd
больше 2 лет назад

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

debian логотип

CVE-2022-20803

CVSS3: 8.6
debian
больше 2 лет назад

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) ver ...

github логотип

GHSA-rv4r-hqph-p3cp

CVSS3: 7.5
github
больше 2 лет назад

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

fstec логотип

BDU:2022-03419

CVSS3: 8.8
fstec
около 3 лет назад

Уязвимость пакета антивирусных программ ClamAV, связанная с повторным освобождением памяти, позволяющая нарушителю выполнить произвольный код

redos логотип

ROS-20220608-01

redos
около 3 лет назад

Множественные уязвимости ClamAV

EPSS

Процентиль: 39%
0.00172
Низкий

8.6 High

CVSS3

Уязвимость CVE-2022-20803