Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-20032

Опубликовано: 01 мар. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 9.8

Описание

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

РелизСтатусПримечание
bionic

released

0.103.8+dfsg-0ubuntu0.18.04.1
devel

released

0.103.8+dfsg-0ubuntu1
esm-infra-legacy/trusty

released

0.103.8+dfsg-0ubuntu0.14.04.1+esm1
esm-infra/bionic

released

0.103.8+dfsg-0ubuntu0.18.04.1
esm-infra/focal

released

0.103.8+dfsg-0ubuntu0.20.04.1
esm-infra/xenial

released

0.103.8+dfsg-0ubuntu0.16.04.1+esm1
focal

released

0.103.8+dfsg-0ubuntu0.20.04.1
jammy

released

0.103.8+dfsg-0ubuntu0.22.04.1
kinetic

released

0.103.8+dfsg-0ubuntu0.22.10.1
lunar

released

0.103.8+dfsg-0ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 90%
0.06217
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-20032

CVSS3: 9.8
nvd
почти 3 года назад

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

msrc логотип

CVE-2023-20032

CVSS3: 9.8
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2023-20032

CVSS3: 9.8
debian
почти 3 года назад

On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...

fstec логотип

BDU:2023-00757

CVSS3: 9.8
fstec
почти 3 года назад

Уязвимость анализатора файлов разделов HFS+ пакета антивирусных программ ClamAV, позволяющая нарушителю выполнить произвольный код

suse-cvrf логотип

SUSE-SU-2023:0471-1

suse-cvrf
почти 3 года назад

Security update for clamav

EPSS

Процентиль: 90%
0.06217
Низкий

9.8 Critical

CVSS3