CVE-2023-20032

CVE-2023-20032

Name

CVE-2023-20032

Description

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
MISC	https://security.gentoo.org/glsa/202310-01

Type

URI

MISC

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy

MISC

https://security.gentoo.org/glsa/202310-01

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:cisco:web_security_appliance::::::::`	web_security_appliance	>= 15.0.0	< 15.0.0-254
`cpe:2.3:a:cisco:web_security_appliance::::::::`	web_security_appliance	>= 14.5.0	< 14.5.1-013
`cpe:2.3:a:cisco:web_security_appliance::::::::`	web_security_appliance	>= 14.0.0	< 14.0.4-005
`cpe:2.3:a:cisco:web_security_appliance::::::::`	web_security_appliance	>= None	< 12.5.6
`cpe:2.3:a:cisco:secure_endpoint_private_cloud::::::::`	secure_endpoint_private_cloud	>= None	< 3.6.0
`cpe:2.3:a:cisco:secure_endpoint::::::windows::*`	secure_endpoint	>= 8.0.1.21160	< 8.1.5
`cpe:2.3:a:cisco:secure_endpoint::::::windows::*`	secure_endpoint	>= None	< 7.5.9
`cpe:2.3:a:cisco:secure_endpoint::::::linux::*`	secure_endpoint	>= None	< 1.20.2
`cpe:2.3:a:cisco:secure_endpoint::::::macos::*`	secure_endpoint	>= None	< 1.21.1

CPE URI

Source package

Min version

Max version

cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*

web_security_appliance

>= 15.0.0

< 15.0.0-254

cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*

web_security_appliance

>= 14.5.0

< 14.5.1-013

cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*

web_security_appliance

>= 14.0.0

< 14.0.4-005

cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*

web_security_appliance

>= None

< 12.5.6

cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*

secure_endpoint_private_cloud

>= None

< 3.6.0

cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*

secure_endpoint

>= 8.0.1.21160

< 8.1.5

cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*

secure_endpoint

>= None

< 7.5.9

cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*

secure_endpoint

>= None

< 1.20.2

cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*

secure_endpoint

>= None

< 1.21.1

Source package	Branch	Version	Maintainer	Status
clamav	3.17-community	0.105.2-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

clamav

3.17-community

0.105.2-r0

Carlo Landmeter <clandmeter@alpinelinux.org>

fixed

References

Match rules

Vulnerable and fixed packages