Heap Buffer Overflow in ClamAV Affects Local Users
CVE-2022-20792

7.8HIGH

Key Information:

Vendor: Cisco
Status: Clam Antivirus (clamav)
Vendor: CVE Published:; 4 May 2022

Summary

A vulnerability exists in the regex module used by the Clam AntiVirus signature database load module, allowing an authenticated local attacker to potentially crash the service and execute arbitrary code. This arises from improper bounds checking leading to a multi-byte heap buffer overflow. By placing a maliciously crafted CDB signature database file in the ClamAV database directory, an attacker can exploit the flaw, potentially gaining the ability to run code as the clamav user, threatening system integrity.

Affected Version(s)

Clam AntiVirus (ClamAV) <= 0.104.2

Clam AntiVirus (ClamAV) 0.104.0

Clam AntiVirus (ClamAV) <= 0.103.5

References

https://blog.clamav.net/2022/05/clamav-01050-01043-01036-...

vendor-advisory

https://security.gentoo.org/glsa/202310-01

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2022
Vulnerability Reserved
Nov 2, 2021