Уязвимость CVE-2023-20032: Информация

Описание

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

Важность: CRITICAL (9,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-20032

Опубликовано: 1 марта 2023 г.

Изменено: 25 января 2024 г.

Идентификатор типа ошибки: CWE-787

Исправленные пакеты

Имя пакета	Ветка	Исправлено в версии	Версия в репозитории	Errata ID	№ Задания	Состояние
clamav	sisyphus	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-1400-1	316420	Исправлено
clamav	sisyphus_e2k	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-2832-1	-	Исправлено
clamav	sisyphus_riscv64	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-2804-1	-	Исправлено
clamav	p10	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-1436-1	316417	Исправлено
clamav	p10_e2k	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-2882-1	-	Исправлено
clamav	p9	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-1459-1	316772	Исправлено
clamav	p9_e2k	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-5375-1	-	Исправлено
clamav	p8	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-1514-1	316773	Исправлено
clamav	c10f1	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-1436-1	316417	Исправлено
clamav	c9f2	0.103.8-alt1	0.103.8-alt1	ALT-PU-2023-1474-1	316802	Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка	Ресурс
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy	Vendor Advisory

Подверженные конфигурации:
1. Конфигурация 1
  cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*
  Start including
  15.0.0
  End excliding
  15.0.0-254
  cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*
  Start including
  14.5.0
  End excliding
  14.5.1-013
  cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*
  Start including
  14.0.0
  End excliding
  14.0.4-005
  cpe:2.3:a:cisco:web_security_appliance:*:*:*:*:*:*:*:*
  End excliding
  12.5.6
  cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*
  End excliding
  3.6.0
  cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
  Start including
  8.0.1.21160
  End excliding
  8.1.5
  cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
  End excliding
  7.5.9
  cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*
  End excliding
  1.20.2
  cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*
  End excliding
  1.21.1
  
  Конфигурация 2
  cpe:2.3:a:clamav:clamav:1.0.0:rc:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:1.0.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:1.0.0:-:*:*:*:*:*:*
  cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
  End including
  0.103.7
  cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*
  Start including
  0.104.0
  End including
  0.105.1
  
  Конфигурация 3
  cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
  Start including
  4.4.0
  End excliding
  4.6.4
  cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
  Start including
  4.3.0
  End excliding
  4.3.17
  cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
  Start including
  3.8.0
  End excliding
  3.11.23
  cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*
  Start including
  3.0.0
  End excliding
  3.7.35

Версия: v24.5.0

Наверх

Уязвимость CVE-2023-20032: Информация

Описание

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

Конфигурация 1

Конфигурация 2

Конфигурация 3