vulnerability
Zimbra Collaboration: CVE-2022-20770: The ClamAV package has been upgraded to version 0.105.1-2 to fix multiple vulnerabilities.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | May 4, 2022 | Feb 26, 2025 | Jul 1, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
May 4, 2022
Added
Feb 26, 2025
Modified
Jul 1, 2025
Description
On april 20, 2022, the following vulnerability in the clamav scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: a vulnerability in chm file parser of clam antivirus (clamav) versions 0.104.0 through 0.104.2 and lts version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. for a description of this vulnerability, see the clamav blog. this advisory will be updated as additional information becomes available.
Solution
zimbra-collaboration-upgrade-latest
References
- CVE-2022-20770
- https://attackerkb.com/topics/CVE-2022-20770
- URL-https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/
- URL-https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/
- URL-https://security.gentoo.org/glsa/202310-01
- URL-https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.