OSV-2022-94

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/clamav/OSV-2022-94.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2022-94

Published

2022-01-27T00:02:12.465969Z

Modified

2024-09-05T14:16:39.861346Z

Summary

Heap-buffer-overflow in cli_strlcat

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44087

Crash type: Heap-buffer-overflow WRITE 1 Crash state: clistrlcat yarayyparse yrlexparserulesfile

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44087

Affected packages

OSS-Fuzz / clamav

Package

Name: clamav
Purl: pkg:generic/clamav

Affected ranges

Type: GIT
Repo: https://github.com/Cisco-Talos/clamav.git
Events: Introduced

428cd7951827535fdc50425f963eb2878fc39cc1

Introduced

e5f001c9ca4175beecd445004a8e01bbdd29579c

Affected versions

clamav-0.*

clamav-0.104.3

clamav-0.104.4

clamav-0.105.0

clamav-0.105.0-rc

clamav-0.105.0-rc2

clamav-0.105.1

clamav-0.105.2

clamav-1.*

clamav-1.0.0

clamav-1.0.0-rc

clamav-1.0.0-rc2

clamav-1.0.1

clamav-1.0.2

clamav-1.0.3

clamav-1.0.4

clamav-1.0.5

clamav-1.0.6

clamav-1.0.7

clamav-1.1.0

clamav-1.1.0-rc

clamav-1.1.1

clamav-1.1.2

clamav-1.1.3

clamav-1.2.0

clamav-1.2.0-rc

clamav-1.2.1

clamav-1.2.2

clamav-1.2.3

clamav-1.3.0

clamav-1.3.0-rc

clamav-1.3.0-rc2

clamav-1.3.1

clamav-1.3.2

clamav-1.4.0

clamav-1.4.0-rc

clamav-1.4.1

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "introduced_range": "d9a584b39fb694adc5740b666cba0242b55f774a:0037f5825b0b17a789c7eb29c9cb9a2d39c452bc"
}