CVE-2023-20052

Published: 01/03/2023 Updated: 25/01/2024
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and previous versions, 0.105.1 and previous versions, and 0.103.7 and previous versions could allow an unauthenticated, remote malicious user to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the malicious user to leak bytes from any file that may be read by the ClamAV scanning process.

Vulnerable Product

cisco secure endpoint private cloud

cisco secure endpoint

clamav clamav 1.0.0

clamav clamav

stormshield stormshield network security

Vendor Advisories

Debian Bug report logs - #1031509 clamav: 2 RCE bugs in ClamAV 0.103 (+ 1.0.0), CVE-2023-20032/CVE-2023-20052 Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav Reported by: Robert Waldner <waldner+bug@waldnerprivat> ...
Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier (CVE-2023-20032). A possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and e ...
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to ena ...

Github Repositories

CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV

CVE-2023-20052, information leak vulnerability in the DMG file parser of ClamAV. Usage: To create malicious DMG file: git clone github.com/nokn0wthing/CVE-2023-20052.git cd CVE-2023-20052 sudo docker build -t cve-2023-20052 sudo docker run -v $(pwd):/exploit -it cve-2023-20052 bash genisoimage -D -V "exploit" -no-pad -r -apple -file-mode 0777 -o

clamav-scan: Local checker for CVE-2023-20032 and CVE-2023-20052. References: blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN community

CVE-2023-20052 information leak vulnerability in the DMG file parser of ClamAV

CVE-2023-20052 information leak vulnerability in the DMG file parser of ClamAV. A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substituti

Recent Articles

Antivirus apps are there to protect you – Cisco's ClamAV has a heckuva flaw
The Register

Switchzilla hardware and software need attention, unless you fancy arbitrary remote code execution

Antivirus software is supposed to be an important part of an organization's defense against the endless tide of malware. Cisco's open source ClamAV can fill that role – once you patch the 9.8/10 rated arbitrary code execution flaw the networking giant revealed on Wednesday. "A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code," states Cisco'...