csaf_suse - suse-su-2023:0471-1

suse-su-2023:0471-1

Vulnerability from csaf_suse

Published

2023-02-21 09:07

Modified

2023-02-21 09:07

Summary

Security update for clamav

Notes

Title of the patch

Security update for clamav

Description of the patch

This update for clamav fixes the following issues: - CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363). - CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365).

Patchnames

SUSE-2023-471,SUSE-SLE-SERVER-12-SP5-2023-471

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for clamav",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for clamav fixes the following issues:\n\n- CVE-2023-20032: Fixed a possible remote code execution vulnerability in the HFS+ file parser (bsc#1208363).\n- CVE-2023-20052: Fixed a possible remote information leak vulnerability in the DMG file parser (bsc#1208365).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-471,SUSE-SLE-SERVER-12-SP5-2023-471",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0471-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:0471-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230471-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:0471-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013848.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208363",
        "url": "https://bugzilla.suse.com/1208363"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1208365",
        "url": "https://bugzilla.suse.com/1208365"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-20032 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-20032/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-20052 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-20052/"
      }
    ],
    "title": "Security update for clamav",
    "tracking": {
      "current_release_date": "2023-02-21T09:07:10Z",
      "generator": {
        "date": "2023-02-21T09:07:10Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:0471-1",
      "initial_release_date": "2023-02-21T09:07:10Z",
      "revision_history": [
        {
          "date": "2023-02-21T09:07:10Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.8-3.24.1.aarch64",
                "product": {
                  "name": "clamav-0.103.8-3.24.1.aarch64",
                  "product_id": "clamav-0.103.8-3.24.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.8-3.24.1.i586",
                "product": {
                  "name": "clamav-0.103.8-3.24.1.i586",
                  "product_id": "clamav-0.103.8-3.24.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.8-3.24.1.ppc64le",
                "product": {
                  "name": "clamav-0.103.8-3.24.1.ppc64le",
                  "product_id": "clamav-0.103.8-3.24.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.8-3.24.1.s390",
                "product": {
                  "name": "clamav-0.103.8-3.24.1.s390",
                  "product_id": "clamav-0.103.8-3.24.1.s390"
                }
              }
            ],
            "category": "architecture",
            "name": "s390"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.8-3.24.1.s390x",
                "product": {
                  "name": "clamav-0.103.8-3.24.1.s390x",
                  "product_id": "clamav-0.103.8-3.24.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "clamav-0.103.8-3.24.1.x86_64",
                "product": {
                  "name": "clamav-0.103.8-3.24.1.x86_64",
                  "product_id": "clamav-0.103.8-3.24.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:12:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.aarch64"
        },
        "product_reference": "clamav-0.103.8-3.24.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.ppc64le"
        },
        "product_reference": "clamav-0.103.8-3.24.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.s390x"
        },
        "product_reference": "clamav-0.103.8-3.24.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
          "product_id": "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.x86_64"
        },
        "product_reference": "clamav-0.103.8-3.24.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.aarch64"
        },
        "product_reference": "clamav-0.103.8-3.24.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.ppc64le"
        },
        "product_reference": "clamav-0.103.8-3.24.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.s390x"
        },
        "product_reference": "clamav-0.103.8-3.24.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "clamav-0.103.8-3.24.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.x86_64"
        },
        "product_reference": "clamav-0.103.8-3.24.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-20032",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-20032"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"].",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-20032",
          "url": "https://www.suse.com/security/cve/CVE-2023-20032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208363 for CVE-2023-20032",
          "url": "https://bugzilla.suse.com/1208363"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211720 for CVE-2023-20032",
          "url": "https://bugzilla.suse.com/1211720"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-02-21T09:07:10Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2023-20032"
    },
    {
      "cve": "CVE-2023-20052",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-20052"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.aarch64",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.s390x",
          "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.aarch64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-20052",
          "url": "https://www.suse.com/security/cve/CVE-2023-20052"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1208365 for CVE-2023-20052",
          "url": "https://bugzilla.suse.com/1208365"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server 12 SP5:clamav-0.103.8-3.24.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.aarch64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP5:clamav-0.103.8-3.24.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-02-21T09:07:10Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-20052"
    }
  ]
}

CVE-2023-20052 (GCVE-0-2023-20052)

Vulnerability from cvelistv5

Published

2023-02-16 15:26

Modified

2024-08-02 08:57

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Summary

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Secure Endpoint	Version: 6.0.9 Version: 6.0.7 Version: 6.1.5 Version: 6.1.7 Version: 6.1.9 Version: 6.2.1 Version: 6.2.5 Version: 6.2.19 Version: 6.2.9 Version: 6.3.5 Version: 6.3.1 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 7.1.5 Version: 1.12.1 Version: 1.12.2 Version: 1.12.5 Version: 1.12.0 Version: 1.12.6 Version: 1.12.3 Version: 1.12.7 Version: 1.12.4 Version: 1.13.0 Version: 1.13.1 Version: 1.13.2 Version: 1.11.0 Version: 1.10.2 Version: 1.10.1 Version: 1.10.0 Version: 1.14.0 Version: 1.6.0 Version: 1.9.0 Version: 1.9.1 Version: 1.8.1 Version: 1.8.0 Version: 1.8.4 Version: 1.7.0 Version: 7.2.13 Version: 7.2.7 Version: 7.2.3 Version: 7.2.11 Version: 7.2.5 Version: 7.3.3 Version: 7.3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-clamav-xxe-TcSZduhN",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.9"
            },
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.1.5"
            },
            {
              "status": "affected",
              "version": "6.1.7"
            },
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.2.1"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "6.2.19"
            },
            {
              "status": "affected",
              "version": "6.2.9"
            },
            {
              "status": "affected",
              "version": "6.3.5"
            },
            {
              "status": "affected",
              "version": "6.3.1"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "7.1.5"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.9.1"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.8.4"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.2.11"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.3"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:38.974Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-xxe-TcSZduhN",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-xxe-TcSZduhN",
        "defects": [
          "CSCwd87111",
          "CSCwd87112",
          "CSCwd87113"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20052",
    "datePublished": "2023-02-16T15:26:12.863Z",
    "dateReserved": "2022-10-27T18:47:50.319Z",
    "dateUpdated": "2024-08-02T08:57:35.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20032 (GCVE-0-2023-20032)

Vulnerability from cvelistv5

Published

2023-02-16 15:24

Modified

2024-08-02 08:57

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Summary

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

References

►

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy

Impacted products

Vendor

Product

Version

►

Cisco

Cisco Secure Web Appliance

Version: 11.7.0-406
Version: 11.7.0-418
Version: 11.7.1-049
Version: 11.7.1-006
Version: 11.7.1-020
Version: 11.7.2-011
Version: 11.8.0-414
Version: 11.8.1-023
Version: 11.8.3-018
Version: 11.8.3-021
Version: 12.0.1-268
Version: 12.0.3-007
Version: 12.5.2-007
Version: 12.5.1-011
Version: 12.5.4-005
Version: 12.5.5-004
Version: 14.5.0-498
Version: 14.0.3-014
Version: 14.0.2-012

	Cisco	Cisco Secure Endpoint	Version: 6.1.9 Version: 6.2.5 Version: 6.3.7 Version: 6.3.3 Version: 7.0.5 Version: 7.1.1 Version: 1.12.1 Version: 1.12.2 Version: 1.12.3 Version: 1.12.7 Version: 1.12.4 Version: 1.11.0 Version: 1.10.2 Version: 1.10.0 Version: 1.14.0 Version: 1.6.0 Version: 1.9.0 Version: 1.8.1 Version: 1.8.0 Version: 1.7.0 Version: 7.2.13 Version: 7.3.5
	Cisco	Cisco Secure Endpoint Private Cloud Administration Portal	Version: N/A

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-clamav-q8DThCy",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Secure Web Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.7.0-406"
            },
            {
              "status": "affected",
              "version": "11.7.0-418"
            },
            {
              "status": "affected",
              "version": "11.7.1-049"
            },
            {
              "status": "affected",
              "version": "11.7.1-006"
            },
            {
              "status": "affected",
              "version": "11.7.1-020"
            },
            {
              "status": "affected",
              "version": "11.7.2-011"
            },
            {
              "status": "affected",
              "version": "11.8.0-414"
            },
            {
              "status": "affected",
              "version": "11.8.1-023"
            },
            {
              "status": "affected",
              "version": "11.8.3-018"
            },
            {
              "status": "affected",
              "version": "11.8.3-021"
            },
            {
              "status": "affected",
              "version": "12.0.1-268"
            },
            {
              "status": "affected",
              "version": "12.0.3-007"
            },
            {
              "status": "affected",
              "version": "12.5.2-007"
            },
            {
              "status": "affected",
              "version": "12.5.1-011"
            },
            {
              "status": "affected",
              "version": "12.5.4-005"
            },
            {
              "status": "affected",
              "version": "12.5.5-004"
            },
            {
              "status": "affected",
              "version": "14.5.0-498"
            },
            {
              "status": "affected",
              "version": "14.0.3-014"
            },
            {
              "status": "affected",
              "version": "14.0.2-012"
            }
          ]
        },
        {
          "product": "Cisco Secure Endpoint",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.1.9"
            },
            {
              "status": "affected",
              "version": "6.2.5"
            },
            {
              "status": "affected",
              "version": "6.3.7"
            },
            {
              "status": "affected",
              "version": "6.3.3"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "7.1.1"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.11.0"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            },
            {
              "status": "affected",
              "version": "1.6.0"
            },
            {
              "status": "affected",
              "version": "1.9.0"
            },
            {
              "status": "affected",
              "version": "1.8.1"
            },
            {
              "status": "affected",
              "version": "1.8.0"
            },
            {
              "status": "affected",
              "version": "1.7.0"
            },
            {
              "status": "affected",
              "version": "7.2.13"
            },
            {
              "status": "affected",
              "version": "7.3.5"
            }
          ]
        },
        {
          "product": "Cisco Secure Endpoint Private Cloud Administration Portal",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"]."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware that a proof-of-concept is available that demonstrates that this vulnerability can be used to cause a buffer overflow and subsequent process termination.\r\n\r\nAdditional technical information is also available that describes this vulnerability in detail.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:57:34.558Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-clamav-q8DThCy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-clamav-q8DThCy",
        "defects": [
          "CSCwd74135",
          "CSCwd74134",
          "CSCwd74133",
          "CSCwe18204",
          "CSCwd74132"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20032",
    "datePublished": "2023-02-16T15:24:05.173Z",
    "dateReserved": "2022-10-27T18:47:50.315Z",
    "dateUpdated": "2024-08-02T08:57:35.875Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2023:0471-1

Vulnerability from csaf_suse

CVE-2023-20052 (GCVE-0-2023-20052)

Vulnerability from cvelistv5

CVE-2023-20032 (GCVE-0-2023-20032)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature