CVE-2022-20792
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-20792
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
ClamAV AntiVirus 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Clam AntiVirus是Clamav团队的一款用于检测木马,病毒,恶意软件和其他恶意威胁的开源杀毒引擎。 Clam AntiVirus 0.104.0版本到0.104.2版本 0.103版本到0.103.5版本存在安全漏洞,该漏洞源于签名数据库加载模块中的边界错误。远程攻击者可以将特制数据传递给应用程序,触发基于堆的缓冲区溢出利用该漏洞在目标系统上执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Cisco | Clam AntiVirus (ClamAV) | unspecified ~ 0.104.2 | - |
II. Public POCs for CVE-2022-20792
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-20792
请登录查看更多情报信息。
- https://security.gentoo.org/glsa/202310-01vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-20792
Same Patch Batch · Cisco · 2022-08-10 · 11 CVEs total
| CVE-2022-20827 | 9.0 CRITICAL | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20842 | 9.0 CRITICAL | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20841 | 9.0 CRITICAL | Cisco Small Business RV Series Routers Vulnerabilities |
| CVE-2022-20866 | 7.4 HIGH | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Priva |
| CVE-2022-20816 | 6.5 MEDIUM | Cisco Unified Communications Manager Arbitrary File Deletion Vulnerability |
| CVE-2022-20869 | 6.1 MEDIUM | Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability |
| CVE-2022-20820 | 5.4 MEDIUM | Cisco Webex Meetings Web Interface Vulnerabilities |
| CVE-2022-20852 | 5.4 MEDIUM | Cisco Webex Meetings Web Interface Vulnerabilities |
| CVE-2022-20914 | 4.9 MEDIUM | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability |
| CVE-2022-20713 | 4.3 MEDIUM | Cisco Adaptive Security Appliances Software 跨站脚本漏洞 |
IV. Related Vulnerabilities
Same vendor: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
Same weakness: CWE-125
- CVE-2026-8177
XML::LibXML versions through 2.0210 for Perl read out-of-bou - CVE-2026-6104
Global buffer over-read in mb_convert_encoding() with attack - CVE-2026-7258
Out-of-bounds read in urldecode() on NetBSD - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out- - CVE-2026-3508
ASUS System Control Interface 缓冲区错误漏洞
V. Comments for CVE-2022-20792
No comments yet