A vulnerability has been found in ClamAV Antivirus up to LTS 0.103.5/0.104.2 (Anti-Malware Software) and classified as critical. Affected by this vulnerability is an unknown part of the component Regex Module. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

The weakness was released 08/10/2022. The advisory is shared at blog.clamav.net. This vulnerability is known as CVE-2022-20792 since 11/02/2021. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 08/10/2022).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Type

• Anti-Malware Software

Vendor

• ClamAV

Name

• Antivirus

Version

• 0.104.0
• 0.104.1
• 0.104.2
• LTS 0.103.0
• LTS 0.103.1
• LTS 0.103.2
• LTS 0.103.3
• LTS 0.103.4
• LTS 0.103.5

License

• free

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion