cisco-sa-clamav-html-XAuOK8mR

ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022

cisco-sa-clamav-html-XAuOK8mR · Medium · Published 4 years ago · Updated 3 years ago

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed:  A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2022-20785
Cisco Bug IDs	CSCwb30931, CSCwb30932, CSCwb30933
CVSS Score	Base 7.5 Base 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:X
Product Names From Source	Cisco Secure Endpoint

Related Products

Product	CVE	Evidence
Cisco Secure Endpoint	CVE-2022-20785	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: May 2022

Workarounds

Related Products