发布时间: 2022年5月28日
修改时间: 2024年10月31日
Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Local | Local |
| CVSS评分 | 7.8 | 7.8 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | Required | Required |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1479 | clamav security update | 2022年5月28日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | clamav | Fixed |
| KY3.4-5A | clamav | Fixed |
| KY3.5.1 | clamav | Fixed |
