CVE-2022-20785 HIGH

CVE-2022-20785: ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022

Vendor Cisco
Product Cisco AMP for Endpoints
Weakness CWE-401
Published May 4, 2022
Last update November 6, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

Key dates

02Disclosure timeline

May 4, 2022 CVE published
November 6, 2024 Record updated

Related vulnerabilities

04Related CVE