Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0824
Vulnerability from certfr_avis - Published: 2026-07-02 - Updated: 2026-07-02
De multiples vulnérabilités ont été découvertes dans ClamAV. Elles permettent à un attaquant de provoquer un déni de service et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ClamAV versions ant\u00e9rieures \u00e0 1.4.5",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
},
{
"description": "ClamAV versions 1.5.x ant\u00e9rieures \u00e0 1.5.3",
"product": {
"name": "ClamAV",
"vendor": {
"name": "ClamAV",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-20216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20216"
},
{
"name": "CVE-2026-20243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20243"
},
{
"name": "CVE-2026-20215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20215"
},
{
"name": "CVE-2026-20213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20213"
},
{
"name": "CVE-2026-20214",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20214"
},
{
"name": "CVE-2026-20217",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20217"
},
{
"name": "CVE-2026-20244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-20244"
},
{
"name": "CVE-2026-41676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41676"
}
],
"initial_release_date": "2026-07-02T00:00:00",
"last_revision_date": "2026-07-02T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0824",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-07-02T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ClamAV. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ClamAV",
"vendor_advisories": [
{
"published_at": "2026-07-01",
"title": "Bulletin de s\u00e9curit\u00e9 ClamAV clamav-153-and-145-security-patch",
"url": "https://blog.clamav.net/2026/07/clamav-153-and-145-security-patch.html"
}
]
}
CVE-2026-20213 (GCVE-0-2026-20213)
Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
VLAI
EPSS
Title
ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T17:18:10.967118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:08.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PE files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PE content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T16:27:38.657Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-88cFYyxR",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
}
],
"source": {
"advisory": "cisco-sa-clamav-88cFYyxR",
"defects": [
"CSCwt62774"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV PE File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20213",
"datePublished": "2026-07-01T16:27:38.657Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-07-01T17:25:08.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20214 (GCVE-0-2026-20214)
Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
VLAI
EPSS
Title
ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T17:18:19.481926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:09.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in FSG files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains portable executable content compressed with FSG to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T16:27:33.622Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-88cFYyxR",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
}
],
"source": {
"advisory": "cisco-sa-clamav-88cFYyxR",
"defects": [
"CSCwt62779"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV FSG File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20214",
"datePublished": "2026-07-01T16:27:33.622Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-07-01T17:25:09.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20215 (GCVE-0-2026-20215)
Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
VLAI
EPSS
Title
ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T17:17:41.483279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:08.547Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in 7z files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains 7z\u0026nbsp;content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T16:28:09.844Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-88cFYyxR",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
}
],
"source": {
"advisory": "cisco-sa-clamav-88cFYyxR",
"defects": [
"CSCwt62781"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV 7Zip File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20215",
"datePublished": "2026-07-01T16:28:09.844Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-07-01T17:25:08.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20216 (GCVE-0-2026-20216)
Vulnerability from cvelistv5 – Published: 2026-07-01 16:27 – Updated: 2026-07-01 17:25
VLAI
EPSS
Title
ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability
Summary
A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20216",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T17:18:03.116587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:08.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to improper handling of temporary resources during file scanning. An attacker could exploit this vulnerability by submitting a crafted InstallShield file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process and temporarily consume available system resources, resulting in a DoS condition on the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T16:27:51.314Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-88cFYyxR",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
}
],
"source": {
"advisory": "cisco-sa-clamav-88cFYyxR",
"defects": [
"CSCwt44538"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV InstallShield File Format Processing Resource Exhaustion Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20216",
"datePublished": "2026-07-01T16:27:51.314Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-07-01T17:25:08.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20217 (GCVE-0-2026-20217)
Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
VLAI
EPSS
Title
ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability
Summary
A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T17:17:51.378262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:08.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in PESpin files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains PESpin content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T16:28:03.720Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-88cFYyxR",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
}
],
"source": {
"advisory": "cisco-sa-clamav-88cFYyxR",
"defects": [
"CSCwt57454"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV PESpin File Format Processing Out-of-Bounds Memory Corruption Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20217",
"datePublished": "2026-07-01T16:28:03.720Z",
"dateReserved": "2025-10-08T11:59:15.398Z",
"dateUpdated": "2026-07-01T17:25:08.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20243 (GCVE-0-2026-20243)
Vulnerability from cvelistv5 – Published: 2026-07-01 16:30 – Updated: 2026-07-01 17:25
VLAI
EPSS
Title
ClamAV ALZ Archive Processing Denial of Service Vulnerability
Summary
A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T17:19:13.065202Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:08.088Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in ALZ files during scanning, which may result in an out-of-bounds buffer write. An attacker could exploit this vulnerability by submitting a crafted file that contains ALZ content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T16:30:20.848Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-88cFYyxR",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
}
],
"source": {
"advisory": "cisco-sa-clamav-88cFYyxR",
"defects": [
"CSCwu18798"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV ALZ Archive Processing Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20243",
"datePublished": "2026-07-01T16:30:20.848Z",
"dateReserved": "2025-10-08T11:59:15.400Z",
"dateUpdated": "2026-07-01T17:25:08.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-20244 (GCVE-0-2026-20244)
Vulnerability from cvelistv5 – Published: 2026-07-01 16:28 – Updated: 2026-07-01 17:25
VLAI
EPSS
Title
ClamAV DMG File Processing Denial of Service Vulnerability
Summary
A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.
This vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Secure Endpoint |
Affected:
7.0.5
Affected: 6.2.19 Affected: 7.3.3 Affected: 7.2.13 Affected: 6.1.5 Affected: 6.3.1 Affected: 6.2.5 Affected: 7.3.5 Affected: 6.2.1 Affected: 7.2.7 Affected: 7.1.1 Affected: 6.3.5 Affected: 6.2.9 Affected: 7.3.1 Affected: 6.1.7 Affected: 7.2.11 Affected: 7.2.3 Affected: 7.1.5 Affected: 6.3.3 Affected: 7.3.9 Affected: 6.2.3 Affected: 6.1.9 Affected: 6.0.9 Affected: 7.2.5 Affected: 6.0.7 Affected: 6.3.7 Affected: 1.12.3 Affected: 1.8.0 Affected: 1.11.1 Affected: 1.12.4 Affected: 1.10.0 Affected: 1.12.0 Affected: 1.8.1 Affected: 1.10.1 Affected: 1.12.1 Affected: 1.12.6 Affected: 1.14.0 Affected: 1.10.2 Affected: 1.12.7 Affected: 1.12.2 Affected: 1.6.0 Affected: 1.9.0 Affected: 1.11.0 Affected: 1.7.0 Affected: 1.13.0 Affected: 1.8.4 Affected: 1.13.1 Affected: 1.9.1 Affected: 1.12.5 Affected: 1.13.2 Affected: 8.1.7.21512 Affected: 8.1.7 Affected: 8.1.5 Affected: 8.1.3.21242 Affected: 8.1.3 Affected: 8.1.5.21322 Affected: 8.1.7.21417 Affected: 1.14.1 Affected: 1.15.1 Affected: 1.15.2 Affected: 1.15.3 Affected: 1.15.4 Affected: 1.15.5 Affected: 1.15.6 Affected: 1.16.0 Affected: 1.16.1 Affected: 1.16.2 Affected: 1.16.3 Affected: 1.18.0 Affected: 1.18.1 Affected: 1.20.0 Affected: 1.21.0 Affected: 1.21.1 Affected: 1.21.2 Affected: 1.21.3 Affected: 1.22.0 Affected: 1.22.1 Affected: 1.22.2 Affected: 1.22.3 Affected: 1.22.4 Affected: 1.24.0 Affected: 1.24.1 Affected: 1.24.2 Affected: 1.24.3 Affected: 1.24.4 Affected: 1.26.0 Affected: 1.24.5 Affected: 1.26.1 Affected: 1.27.0 Affected: 1.15.0 Affected: 1.17.0 Affected: 1.17.1 Affected: 1.17.2 Affected: 1.19.0 Affected: 1.20.1 Affected: 1.20.2 Affected: 1.20.3 Affected: 1.20.4 Affected: 1.20.5 Affected: 1.20.6 Affected: 1.23.0 Affected: 1.23.1 Affected: 1.20.7 Affected: 1.20.8 Affected: 1.25.0 Affected: 1.25.1 Affected: 1.25.2 Affected: 1.27.1 Affected: 1.27.2 Affected: 7.3.13 Affected: 7.3.15 Affected: 7.4.1 Affected: 7.4.1.20425 Affected: 7.4.1.20439 Affected: 7.4.3 Affected: 7.4.3.20679 Affected: 7.4.5 Affected: 7.5.1.20813 Affected: 7.5.1.20833 Affected: 7.5.3 Affected: 7.5.5 Affected: 8.0.1.21160 Affected: 8.0.1.21164 Affected: 7.5.7 Affected: 7.5.9 Affected: 7.5.11 Affected: 8.1.7.21585 Affected: 7.5.13.21586 Affected: 7.5.13.21598 Affected: 8.2.1.21612 Affected: 8.2.1.21650 Affected: 7.5.15.21611 Affected: 7.5.17.21680 Affected: 8.2.3.30119 Affected: 8.2.4.30130 Affected: 8.4.0 Affected: 7.5.19 Affected: 8.4.1.30298 Affected: 8.4.2.30317 Affected: 8.4.1.30307 Affected: 7.5.20 Affected: 8.4.3 Affected: 8.4.4.30419 Affected: 8.4.4.30467 Affected: 7.5.21.21732 Affected: 8.4.5.30483 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T17:17:32.499689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T17:25:08.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Endpoint",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.2.19"
},
{
"status": "affected",
"version": "7.3.3"
},
{
"status": "affected",
"version": "7.2.13"
},
{
"status": "affected",
"version": "6.1.5"
},
{
"status": "affected",
"version": "6.3.1"
},
{
"status": "affected",
"version": "6.2.5"
},
{
"status": "affected",
"version": "7.3.5"
},
{
"status": "affected",
"version": "6.2.1"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.1.1"
},
{
"status": "affected",
"version": "6.3.5"
},
{
"status": "affected",
"version": "6.2.9"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "6.1.7"
},
{
"status": "affected",
"version": "7.2.11"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.1.5"
},
{
"status": "affected",
"version": "6.3.3"
},
{
"status": "affected",
"version": "7.3.9"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.1.9"
},
{
"status": "affected",
"version": "6.0.9"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "6.0.7"
},
{
"status": "affected",
"version": "6.3.7"
},
{
"status": "affected",
"version": "1.12.3"
},
{
"status": "affected",
"version": "1.8.0"
},
{
"status": "affected",
"version": "1.11.1"
},
{
"status": "affected",
"version": "1.12.4"
},
{
"status": "affected",
"version": "1.10.0"
},
{
"status": "affected",
"version": "1.12.0"
},
{
"status": "affected",
"version": "1.8.1"
},
{
"status": "affected",
"version": "1.10.1"
},
{
"status": "affected",
"version": "1.12.1"
},
{
"status": "affected",
"version": "1.12.6"
},
{
"status": "affected",
"version": "1.14.0"
},
{
"status": "affected",
"version": "1.10.2"
},
{
"status": "affected",
"version": "1.12.7"
},
{
"status": "affected",
"version": "1.12.2"
},
{
"status": "affected",
"version": "1.6.0"
},
{
"status": "affected",
"version": "1.9.0"
},
{
"status": "affected",
"version": "1.11.0"
},
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "1.13.0"
},
{
"status": "affected",
"version": "1.8.4"
},
{
"status": "affected",
"version": "1.13.1"
},
{
"status": "affected",
"version": "1.9.1"
},
{
"status": "affected",
"version": "1.12.5"
},
{
"status": "affected",
"version": "1.13.2"
},
{
"status": "affected",
"version": "8.1.7.21512"
},
{
"status": "affected",
"version": "8.1.7"
},
{
"status": "affected",
"version": "8.1.5"
},
{
"status": "affected",
"version": "8.1.3.21242"
},
{
"status": "affected",
"version": "8.1.3"
},
{
"status": "affected",
"version": "8.1.5.21322"
},
{
"status": "affected",
"version": "8.1.7.21417"
},
{
"status": "affected",
"version": "1.14.1"
},
{
"status": "affected",
"version": "1.15.1"
},
{
"status": "affected",
"version": "1.15.2"
},
{
"status": "affected",
"version": "1.15.3"
},
{
"status": "affected",
"version": "1.15.4"
},
{
"status": "affected",
"version": "1.15.5"
},
{
"status": "affected",
"version": "1.15.6"
},
{
"status": "affected",
"version": "1.16.0"
},
{
"status": "affected",
"version": "1.16.1"
},
{
"status": "affected",
"version": "1.16.2"
},
{
"status": "affected",
"version": "1.16.3"
},
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.18.1"
},
{
"status": "affected",
"version": "1.20.0"
},
{
"status": "affected",
"version": "1.21.0"
},
{
"status": "affected",
"version": "1.21.1"
},
{
"status": "affected",
"version": "1.21.2"
},
{
"status": "affected",
"version": "1.21.3"
},
{
"status": "affected",
"version": "1.22.0"
},
{
"status": "affected",
"version": "1.22.1"
},
{
"status": "affected",
"version": "1.22.2"
},
{
"status": "affected",
"version": "1.22.3"
},
{
"status": "affected",
"version": "1.22.4"
},
{
"status": "affected",
"version": "1.24.0"
},
{
"status": "affected",
"version": "1.24.1"
},
{
"status": "affected",
"version": "1.24.2"
},
{
"status": "affected",
"version": "1.24.3"
},
{
"status": "affected",
"version": "1.24.4"
},
{
"status": "affected",
"version": "1.26.0"
},
{
"status": "affected",
"version": "1.24.5"
},
{
"status": "affected",
"version": "1.26.1"
},
{
"status": "affected",
"version": "1.27.0"
},
{
"status": "affected",
"version": "1.15.0"
},
{
"status": "affected",
"version": "1.17.0"
},
{
"status": "affected",
"version": "1.17.1"
},
{
"status": "affected",
"version": "1.17.2"
},
{
"status": "affected",
"version": "1.19.0"
},
{
"status": "affected",
"version": "1.20.1"
},
{
"status": "affected",
"version": "1.20.2"
},
{
"status": "affected",
"version": "1.20.3"
},
{
"status": "affected",
"version": "1.20.4"
},
{
"status": "affected",
"version": "1.20.5"
},
{
"status": "affected",
"version": "1.20.6"
},
{
"status": "affected",
"version": "1.23.0"
},
{
"status": "affected",
"version": "1.23.1"
},
{
"status": "affected",
"version": "1.20.7"
},
{
"status": "affected",
"version": "1.20.8"
},
{
"status": "affected",
"version": "1.25.0"
},
{
"status": "affected",
"version": "1.25.1"
},
{
"status": "affected",
"version": "1.25.2"
},
{
"status": "affected",
"version": "1.27.1"
},
{
"status": "affected",
"version": "1.27.2"
},
{
"status": "affected",
"version": "7.3.13"
},
{
"status": "affected",
"version": "7.3.15"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.4.1.20425"
},
{
"status": "affected",
"version": "7.4.1.20439"
},
{
"status": "affected",
"version": "7.4.3"
},
{
"status": "affected",
"version": "7.4.3.20679"
},
{
"status": "affected",
"version": "7.4.5"
},
{
"status": "affected",
"version": "7.5.1.20813"
},
{
"status": "affected",
"version": "7.5.1.20833"
},
{
"status": "affected",
"version": "7.5.3"
},
{
"status": "affected",
"version": "7.5.5"
},
{
"status": "affected",
"version": "8.0.1.21160"
},
{
"status": "affected",
"version": "8.0.1.21164"
},
{
"status": "affected",
"version": "7.5.7"
},
{
"status": "affected",
"version": "7.5.9"
},
{
"status": "affected",
"version": "7.5.11"
},
{
"status": "affected",
"version": "8.1.7.21585"
},
{
"status": "affected",
"version": "7.5.13.21586"
},
{
"status": "affected",
"version": "7.5.13.21598"
},
{
"status": "affected",
"version": "8.2.1.21612"
},
{
"status": "affected",
"version": "8.2.1.21650"
},
{
"status": "affected",
"version": "7.5.15.21611"
},
{
"status": "affected",
"version": "7.5.17.21680"
},
{
"status": "affected",
"version": "8.2.3.30119"
},
{
"status": "affected",
"version": "8.2.4.30130"
},
{
"status": "affected",
"version": "8.4.0"
},
{
"status": "affected",
"version": "7.5.19"
},
{
"status": "affected",
"version": "8.4.1.30298"
},
{
"status": "affected",
"version": "8.4.2.30317"
},
{
"status": "affected",
"version": "8.4.1.30307"
},
{
"status": "affected",
"version": "7.5.20"
},
{
"status": "affected",
"version": "8.4.3"
},
{
"status": "affected",
"version": "8.4.4.30419"
},
{
"status": "affected",
"version": "8.4.4.30467"
},
{
"status": "affected",
"version": "7.5.21.21732"
},
{
"status": "affected",
"version": "8.4.5.30483"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device.\r\n\r\nThis vulnerability is due to improper boundary checks for content in DMG files during scanning, which may result in an integer overflow on 32-bit platforms only. An attacker could exploit this vulnerability by submitting a crafted file that contains DMG content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T16:28:27.613Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-clamav-88cFYyxR",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-88cFYyxR"
}
],
"source": {
"advisory": "cisco-sa-clamav-88cFYyxR",
"defects": [
"CSCwu22472"
],
"discovery": "EXTERNAL"
},
"title": "ClamAV DMG File Processing Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20244",
"datePublished": "2026-07-01T16:28:27.613Z",
"dateReserved": "2025-10-08T11:59:15.400Z",
"dateUpdated": "2026-07-01T17:25:08.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41676 (GCVE-0-2026-41676)
Vulnerability from cvelistv5 – Published: 2026-04-24 17:16 – Updated: 2026-04-24 17:43
VLAI
EPSS
Title
rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
Summary
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/rust-openssl/rust-openssl/secu… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| rust-openssl | rust-openssl |
Affected:
>= 0.9.27, < 0.10.78
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41676",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-24T17:43:14.622885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:43:20.693Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rust-openssl",
"vendor": "rust-openssl",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.9.27, \u003c 0.10.78"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-131",
"description": "CWE-131: Incorrect Calculation of Buffer Size",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T17:16:20.539Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5"
}
],
"source": {
"advisory": "GHSA-pqf5-4pqq-29f5",
"discovery": "UNKNOWN"
},
"title": "rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41676",
"datePublished": "2026-04-24T17:16:20.539Z",
"dateReserved": "2026-04-22T03:53:24.406Z",
"dateUpdated": "2026-04-24T17:43:20.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…