A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / ClamAV Open Source antivirus software RCE vulnerability (CVE-2023-20032)

ClamAV Open Source antivirus software RCE vulnerability (CVE-2023-20032)

Advisory No: TZCERT/SA/2023/02/17

Date of First Release: 17th February 2023

Source: CISCO

Software Affected:  ClamAV: 0.103.8,0.105.2 and 1.0.1

Overview:

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. This vulnerability could allow attackers to take control of a affected system.

Description:

The vulnerability, tracked as CVE-2023-20032 (CVSS score: 9.8), is caused by a buffer overflow in the HFS+ file parser. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. 

A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.

This vulnerability is vulnerability affects the following products:-

  • Secure Endpoint, formerly Advanced Malware Protection (AMP) for Endpoints (Windows, macOS, and Linux)
  • Secure Endpoint Private Cloud, and
  • Secure Web Appliance, formerly Web Security Appliance

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

CISCO has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
  2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy

Check Also

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6 Date of First Release: 17th May 2024 Source: IBM Software Affected: IBM …