Details of VAR-202302-1452

ID

VAR-202302-1452

CVE

CVE-2023-20032

TITLE

ClamAV Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202302-1351

DESCRIPTION

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy. ========================================================================== Ubuntu Security Notice USN-5887-1 February 27, 2023 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in ClamAV. Software Description: - clamav: Anti-virus utility for Unix Details: Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. (CVE-2023-20032) Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2023-20052) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: clamav 0.103.8+dfsg-0ubuntu0.22.10.1 Ubuntu 22.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.22.04.1 Ubuntu 20.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.18.04.1 Ubuntu 16.04 ESM: clamav 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 Ubuntu 14.04 ESM: clamav 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5887-1 CVE-2023-20032, CVE-2023-20052 Package Information: https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1

Trust: 1.08

sources: NVD: CVE-2023-20032 // VULMON: CVE-2023-20032 // PACKETSTORM: 171129

AFFECTED PRODUCTS

vendor:	cisco	model:	secure endpoint	scope:	lt	version:	1.20.2	Trust: 1.0
vendor:	clamav	model:	clamav	scope:	gte	version:	0.104.0	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	gte	version:	14.0.0	Trust: 1.0
vendor:	clamav	model:	clamav	scope:	lte	version:	0.105.1	Trust: 1.0
vendor:	clamav	model:	clamav	scope:	eq	version:	1.0.0	Trust: 1.0
vendor:	cisco	model:	secure endpoint	scope:	lt	version:	1.21.1	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	lt	version:	14.0.4-005	Trust: 1.0
vendor:	cisco	model:	secure endpoint	scope:	gte	version:	8.0.1.21160	Trust: 1.0
vendor:	cisco	model:	secure endpoint	scope:	lt	version:	7.5.9	Trust: 1.0
vendor:	cisco	model:	secure endpoint	scope:	lt	version:	8.1.5	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	lt	version:	15.0.0-254	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	gte	version:	14.5.0	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	lt	version:	14.5.1-013	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	gte	version:	15.0.0	Trust: 1.0
vendor:	cisco	model:	web security appliance	scope:	lt	version:	12.5.6	Trust: 1.0
vendor:	cisco	model:	secure endpoint private cloud	scope:	lt	version:	3.6.0	Trust: 1.0
vendor:	clamav	model:	clamav	scope:	lte	version:	0.103.7	Trust: 1.0

sources: NVD: CVE-2023-20032

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-20032
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202302-1351
value:	CRITICAL
Trust: 0.6

NVD:	CVE-2023-20032
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNNVD: CNNVD-202302-1351 // NVD: CVE-2023-20032

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2023-20032

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 171129 // CNNVD: CNNVD-202302-1351

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1351

CONFIGURATIONS

sources: NVD: CVE-2023-20032

PATCH

title:	ClamAV Buffer error vulnerability fix	url:	http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228436	Trust: 0.6
title:	Debian CVElist Bug Report Logs: clamav: 2 RCE bugs in ClamAV 0.103 (+ 1.0.0), CVE-2023-20032/CVE-2023-20052	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=72b1e54f904f4b9ca82d85ff39559617	Trust: 0.1
title:	Cisco: ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-clamav-q8dthcy	Trust: 0.1
title:	-	url:	https://github.com/marekbeckmann/clamav-installation-script	Trust: 0.1
title:	-	url:	https://www.theregister.co.uk/2023/02/17/cisco_clamav_critical_flaw/	Trust: 0.1

sources: VULMON: CVE-2023-20032 // CNNVD: CNNVD-202302-1351

EXTERNAL IDS

db:	NVD	id:	CVE-2023-20032	Trust: 1.8
db:	AUSCERT	id:	ESB-2023.0953	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.1077	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-1351	Trust: 0.6
db:	VULMON	id:	CVE-2023-20032	Trust: 0.1
db:	PACKETSTORM	id:	171129	Trust: 0.1

sources: VULMON: CVE-2023-20032 // PACKETSTORM: 171129 // CNNVD: CNNVD-202302-1351 // NVD: CVE-2023-20032

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-q8dthcy	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-20032/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.0953	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.1077	Trust: 0.6
url:	https://github.com/marekbeckmann/clamav-installation-script	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5887-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-20052	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2023-20032	Trust: 0.1

sources: VULMON: CVE-2023-20032 // PACKETSTORM: 171129 // CNNVD: CNNVD-202302-1351 // NVD: CVE-2023-20032

CREDITS

Ubuntu

Trust: 0.1

sources: PACKETSTORM: 171129

SOURCES

db:	VULMON	id:	CVE-2023-20032
db:	PACKETSTORM	id:	171129
db:	CNNVD	id:	CNNVD-202302-1351
db:	NVD	id:	CVE-2023-20032

LAST UPDATE DATE

2023-03-13T22:49:59.020000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202302-1351	date:	2023-03-13T00:00:00
db:	NVD	id:	CVE-2023-20032	date:	2023-03-10T01:15:00

SOURCES RELEASE DATE

db:	PACKETSTORM	id:	171129	date:	2023-02-27T14:51:49
db:	CNNVD	id:	CNNVD-202302-1351	date:	2023-02-16T00:00:00
db:	NVD	id:	CVE-2023-20032	date:	2023-03-01T08:15:00