Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-20785
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
ClamAV HTML Scanning Memory Leak Vulnerability Affecting Cisco Products: April 2022
Source: NVD (National Vulnerability Database)
Vulnerability Description
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在移除最后引用时对内存的释放不恰当(内存泄露)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ClamAV 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ClamAV(Clam AntiVirus)是Clamav团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV 0.104.0版本到0.104.2版本 0.103版本到0.103.5版本存在安全漏洞,该漏洞源于解析 HTML 文件时的内存泄漏。远程攻击者可以将特制的 HTML 文件传递给防病毒软件,触发内存泄漏利用该漏洞执行拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
CiscoCisco AMP for Endpoints n/a -
II. Public POCs for CVE-2022-20785
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-20785
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Cisco AMP for Endpoints
Same vendor: Cisco
Same weakness: CWE-401
V. Comments for CVE-2022-20785

No comments yet

Leave a comment