{"api_version":"1","generated_at":"2026-04-23T04:12:13+00:00","cve":"CVE-2022-20792","urls":{"html":"https://cve.report/CVE-2022-20792","api":"https://cve.report/api/cve/CVE-2022-20792.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-20792","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-20792"},"summary":{"title":"CVE-2022-20792","description":"A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2022-08-10 09:15:00","updated_at":"2023-10-01 11:15:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html","name":"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html","refsource":"CISCO","tags":[],"title":"ClamAV® blog: ClamAV 0.105.0, 0.104.3, 0.103.6 released","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202310-01","name":"GLSA-202310-01","refsource":"GENTOO","tags":[],"title":"ClamAV: Multiple Vulnerabilities (GLSA 202310-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-20792","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-20792","name":"NVD vulnerability 
detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"20792","vulnerable":"1","versionEndIncluding":"0.103.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"20792","vulnerable":"1","versionEndIncluding":"0.104.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-20792","qid":"179350","title":"Debian Security Update for clamav (DLA 3042-1)"},{"cve":"CVE-2022-20792","qid":"180857","title":"Debian Security Update for clamav (CVE-2022-20792)"},{"cve":"CVE-2022-20792","qid":"198788","title":"Ubuntu Security Notification for ClamAV Vulnerabilities (USN-5423-1)"},{"cve":"CVE-2022-20792","qid":"500101","title":"Alpine Linux Security Update for clamav"},{"cve":"CVE-2022-20792","qid":"690872","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for clamav (b2407db1-d79f-11ec-a15f-589cfc0f81b0)"},{"cve":"CVE-2022-20792","qid":"710761","title":"Gentoo Linux ClamAV Multiple Vulnerabilities (GLSA 202310-01)"},{"cve":"CVE-2022-20792","qid":"752118","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2022:1644-1)"},{"cve":"CVE-2022-20792","qid":"752121","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2022:1647-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","DATE_PUBLIC":"2022-05-04T16:01:00.000Z","ID":"CVE-2022-20792","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Clam AntiVirus 
(ClamAV)","version":{"version_data":[{"version_affected":"<=","version_value":"0.104.2"},{"version_affected":">=","version_value":"0.104.0"},{"version_affected":"<=","version_value":"0.103.5"}]}}]},"vendor_name":"Cisco"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-125 Out-of-bounds Read"}]}]},"references":{"reference_data":[{"name":"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html","refsource":"CISCO","url":"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html"},{"refsource":"GENTOO","name":"GLSA-202310-01","url":"https://security.gentoo.org/glsa/202310-01"}]},"source":{"discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2022-08-10 09:15:00","lastModifiedDate":"2023-10-01 
11:15:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*","versionStartIncluding":"0.104.0","versionEndIncluding":"0.104.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*","versionEndIncluding":"0.103.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"20792","Ordinal":"220151","Title":"CVE-2022-20792","CVE":"CVE-2022-20792","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"20792","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}