CVE-2022-20796 MEDIUM

CVE-2022-20796: ClamAV Truncated File Denial of Service Vulnerability Affecting Cisco Products: April 2022

Vendor: Cisco
Product: Cisco AMP for Endpoints
Weakness: CWE-822
Published: May 4, 2022
Last update: November 6, 2024

CVSS base score

6.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01 Description

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.

Key dates

02 Disclosure timeline

May 4, 2022: CVE published
November 6, 2024: Record updated