CVSSv3: 9.8

CVE-2023-20032

Published: 01/03/2023 Updated: 25/01/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote malicious user to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the malicious user to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog (blog.clamav.net).
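The affected ranges above map onto three release branches, each of which received its own fixed release (0.103.8, 0.105.2 and 1.0.1, per the ClamAV patch announcement). The version check below is an added example, not code from the page or from any of the repositories listed on it; it assumes the `clamscan --version` first line has the form `ClamAV <version>/<db version>/<date>` and that any branch without a listed fix (e.g. 0.104.x) stays affected below 1.0.1.

```python
import re
import subprocess

# Fixed releases per branch for CVE-2023-20032 (from the ClamAV patch announcement).
# A version on one of these branches is affected only if it is below the fix.
FIXED = {
    (0, 103): (0, 103, 8),
    (0, 105): (0, 105, 2),
    (1, 0): (1, 0, 1),
}
# Any version not on a fixed branch is affected if older than the first fixed 1.x release.
LAST_AFFECTED_CEILING = (1, 0, 1)


def parse_version(text):
    """Return (major, minor, patch) from a bare version ('0.103.7') or from a
    'ClamAV 0.103.7/26788/...' line (the assumed `clamscan --version` format)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True if the given ClamAV version is within the CVE-2023-20032 affected range."""
    v = parse_version(version) if isinstance(version, str) else tuple(version)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # Unpatched branches (0.104.x, anything before 0.103) are affected; 1.1+ shipped later.
    return v < LAST_AFFECTED_CEILING


def check_installed(binary="clamscan"):
    """Query the local clamscan; returns (version_tuple, affected) or None if not installed."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    v = parse_version(out.stdout.splitlines()[0])
    return v, is_affected(v)


if __name__ == "__main__":
    result = check_installed()
    if result is None:
        print("clamscan not found")
    else:
        v, affected = result
        print("ClamAV %d.%d.%d: %s" % (*v, "AFFECTED, upgrade" if affected else "patched"))
```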

Vulnerable Products

- cisco web security appliance
- cisco secure endpoint private cloud
- cisco secure endpoint
- clamav clamav 1.0.0
- clamav clamav
- stormshield stormshield network security

Vendor Advisories

Debian Bug report logs - #1031509 clamav: 2 RCE bugs in ClamAV 0.103 (+ 1.0.0), CVE-2023-20032/CVE-2023-20052. Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav (PTS, buildd, popcon). Reported by: Robert Waldner <waldner+bug@waldner.priv.at> ...
Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier (CVE-2023-20032). A possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and e ...
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer siz ...

Github Repositories

How to use: Because of the CVE-2023-20032 vulnerability, it is recommended to upgrade ClamAV to version 1.0.1. This script will remove any existing ClamAV installation and install the newest version. Please note that this script has only been tested on Debian 11. You can find manual installation instructions here. 1. Download: git clone github.com/marekbeckmann/Clamav-Ins ...

clamav-scan: Local checker for CVE-2023-20032 and CVE-2023-20052. References: blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html; sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy; sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN; community ...

Recent Articles

Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva flaw
The Register

Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution

Antivirus software is supposed to be an important part of an organization's defense against the endless tide of malware. Cisco's open source ClamAV can fill that role – once you patch the 9.8/10 rated arbitrary code execution flaw the networking giant revealed on Wednesday. "A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code," states Cisco'...