CVE-2022-20803: Double Free
First published: Fri Feb 17 2023(Updated: )
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Clamav Clamav | >=0.104.0<0.104.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-20803?
The severity of CVE-2022-20803 is high with a CVSS score of 7.5.
What is the affected software for CVE-2022-20803?
The affected software for CVE-2022-20803 is Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2.
How does CVE-2022-20803 impact devices?
CVE-2022-20803 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
How can I fix CVE-2022-20803?
To fix CVE-2022-20803, it is recommended to update Clam AntiVirus (ClamAV) to version 0.104.3 or higher.
What is the Common Weakness Enumeration (CWE) ID for CVE-2022-20803?
The Common Weakness Enumeration (CWE) ID for CVE-2022-20803 is 415.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/clamav
- canonical/clamav clamav
- version/clamav clamav/0.104.0