Buffer Overflow Vulnerability in ClamAV Scanning Library Affecting Multiple Versions
CVE-2023-20032

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Secure Web Appliance; Cisco Secure Endpoint; Cisco Secure Endpoint Private Cloud Administration Portal
Vendor: CVE Published:; 1 March 2023

Summary

On February 15, 2023, a vulnerability was disclosed in the HFS+ partition file parser of ClamAV, enabling potential malicious exploitation. The flaw arises from a lack of buffer size verification, leading to the possibility of a heap buffer overflow. An attacker can exploit this vulnerability by submitting a specifically crafted HFS+ partition file for scanning. A successful attack could result in arbitrary code execution with the same privileges as the ClamAV scanning process, or it could crash the process entirely, causing a denial of service (DoS) situation. For further details, please refer to the ClamAV blog.

Affected Version(s)

Cisco Secure Endpoint 6.1.9

Cisco Secure Endpoint 6.2.5

Cisco Secure Endpoint 6.3.7

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Oct 27, 2022