CVE-2022-20770 HIGH

CVE-2022-20770: ClamAV CHM File Parsing Denial of Service Vulnerability Affecting Cisco Products: April 2022

Vendor Cisco
Product Cisco AMP for Endpoints
Weakness CWE-399
Published May 4, 2022
Last update November 6, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

Key dates

02Disclosure timeline

May 4, 2022 CVE published
November 6, 2024 Record updated