ID

VAR-202302-1452


CVE

CVE-2023-20032


TITLE

Cisco Systems  Cisco Secure Endpoint  Out-of-Bounds Write Vulnerability in Other Vendors' Products

Trust: 0.8

sources: JVNDB: JVNDB-2023-004930

DESCRIPTION

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. Cisco Systems Cisco Secure Endpoint Products from other vendors have out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy. ========================================================================== Ubuntu Security Notice USN-5887-1 February 27, 2023 clamav vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in ClamAV. Software Description: - clamav: Anti-virus utility for Unix Details: Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. (CVE-2023-20032) Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information. (CVE-2023-20052) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: clamav 0.103.8+dfsg-0ubuntu0.22.10.1 Ubuntu 22.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.22.04.1 Ubuntu 20.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.20.04.1 Ubuntu 18.04 LTS: clamav 0.103.8+dfsg-0ubuntu0.18.04.1 Ubuntu 16.04 ESM: clamav 0.103.8+dfsg-0ubuntu0.16.04.1+esm1 Ubuntu 14.04 ESM: clamav 0.103.8+dfsg-0ubuntu0.14.04.1+esm1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5887-1 CVE-2023-20032, CVE-2023-20052 Package Information: https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ClamAV: Multiple Vulnerabilities Date: October 01, 2023 Bugs: #831083, #842813, #894672 ID: 202310-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. Background ========== ClamAV is a GPL virus scanner. Affected packages ================= Package Vulnerable Unaffected -------------------- ------------ ------------ app-antivirus/clamav < 0.103.7 >= 0.103.7 Description =========== Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All ClamAV users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.7" References ========== [ 1 ] CVE-2022-20698 https://nvd.nist.gov/vuln/detail/CVE-2022-20698 [ 2 ] CVE-2022-20770 https://nvd.nist.gov/vuln/detail/CVE-2022-20770 [ 3 ] CVE-2022-20771 https://nvd.nist.gov/vuln/detail/CVE-2022-20771 [ 4 ] CVE-2022-20785 https://nvd.nist.gov/vuln/detail/CVE-2022-20785 [ 5 ] CVE-2022-20792 https://nvd.nist.gov/vuln/detail/CVE-2022-20792 [ 6 ] CVE-2022-20796 https://nvd.nist.gov/vuln/detail/CVE-2022-20796 [ 7 ] CVE-2022-20803 https://nvd.nist.gov/vuln/detail/CVE-2022-20803 [ 8 ] CVE-2023-20032 https://nvd.nist.gov/vuln/detail/CVE-2023-20032 [ 9 ] CVE-2023-20052 https://nvd.nist.gov/vuln/detail/CVE-2023-20052 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202310-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 1.89

sources: NVD: CVE-2023-20032 // JVNDB: JVNDB-2023-004930 // VULMON: CVE-2023-20032 // PACKETSTORM: 171129 // PACKETSTORM: 174873

AFFECTED PRODUCTS

vendor:ciscomodel:web security appliancescope:gteversion:14.5.0

Trust: 1.0

vendor:ciscomodel:web security appliancescope:gteversion:15.0.0

Trust: 1.0

vendor:clamavmodel:clamavscope:lteversion:0.103.7

Trust: 1.0

vendor:ciscomodel:secure endpointscope:gteversion:8.0.1.21160

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:4.6.4

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:3.7.35

Trust: 1.0

vendor:ciscomodel:web security appliancescope:ltversion:14.5.1-013

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:3.8.0

Trust: 1.0

vendor:ciscomodel:web security appliancescope:ltversion:12.5.6

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:4.4.0

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:3.11.23

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:4.3.0

Trust: 1.0

vendor:clamavmodel:clamavscope:lteversion:0.105.1

Trust: 1.0

vendor:ciscomodel:web security appliancescope:gteversion:14.0.0

Trust: 1.0

vendor:stormshieldmodel:network securityscope:gteversion:3.0.0

Trust: 1.0

vendor:ciscomodel:web security appliancescope:ltversion:14.0.4-005

Trust: 1.0

vendor:ciscomodel:web security appliancescope:ltversion:15.0.0-254

Trust: 1.0

vendor:clamavmodel:clamavscope:eqversion:1.0.0

Trust: 1.0

vendor:ciscomodel:secure endpointscope:ltversion:1.20.2

Trust: 1.0

vendor:ciscomodel:secure endpointscope:ltversion:8.1.5

Trust: 1.0

vendor:clamavmodel:clamavscope:gteversion:0.104.0

Trust: 1.0

vendor:ciscomodel:secure endpointscope:ltversion:1.21.1

Trust: 1.0

vendor:stormshieldmodel:network securityscope:ltversion:4.3.17

Trust: 1.0

vendor:ciscomodel:secure endpointscope:ltversion:7.5.9

Trust: 1.0

vendor:ciscomodel:secure endpoint private cloudscope:ltversion:3.6.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco web セキュリティ アプライアンス ソフトウェアscope: - version: -

Trust: 0.8

vendor:clamavmodel:clamavscope: - version: -

Trust: 0.8

vendor:stormshieldmodel:network securityscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco secure endpoint private cloudscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco secure endpointscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-004930 // NVD: CVE-2023-20032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20032
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20032
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-20032
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202302-1351
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2023-20032
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-20032
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-004930 // CNNVD: CNNVD-202302-1351 // NVD: CVE-2023-20032 // NVD: CVE-2023-20032

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-004930 // NVD: CVE-2023-20032

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 171129 // PACKETSTORM: 174873 // CNNVD: CNNVD-202302-1351

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202302-1351

PATCH

title:cisco-sa-clamav-q8DThCyurl:https://www.clamav.net/

Trust: 0.8

title:ClamAV Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=228436

Trust: 0.6

title:Debian CVElist Bug Report Logs: clamav: 2 RCE bugs in ClamAV 0.103 (+ 1.0.0), CVE-2023-20032/CVE-2023-20052url:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=72b1e54f904f4b9ca82d85ff39559617

Trust: 0.1

title:Cisco: ClamAV HFS+ Partition Scanning Buffer Overflow Vulnerability Affecting Cisco Products: February 2023url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-clamav-q8DThCy

Trust: 0.1

title: - url:https://github.com/marekbeckmann/Clamav-Installation-Script

Trust: 0.1

title: - url:https://www.theregister.co.uk/2023/02/17/cisco_clamav_critical_flaw/

Trust: 0.1

sources: VULMON: CVE-2023-20032 // JVNDB: JVNDB-2023-004930 // CNNVD: CNNVD-202302-1351

EXTERNAL IDS

db:NVDid:CVE-2023-20032

Trust: 3.5

db:JVNDBid:JVNDB-2023-004930

Trust: 0.8

db:AUSCERTid:ESB-2023.0953

Trust: 0.6

db:AUSCERTid:ESB-2023.1077

Trust: 0.6

db:CNNVDid:CNNVD-202302-1351

Trust: 0.6

db:VULMONid:CVE-2023-20032

Trust: 0.1

db:PACKETSTORMid:171129

Trust: 0.1

db:PACKETSTORMid:174873

Trust: 0.1

sources: VULMON: CVE-2023-20032 // JVNDB: JVNDB-2023-004930 // PACKETSTORM: 171129 // PACKETSTORM: 174873 // CNNVD: CNNVD-202302-1351 // NVD: CVE-2023-20032

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-clamav-q8dthcy

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-20032

Trust: 1.0

url:https://security.gentoo.org/glsa/202310-01

Trust: 0.9

url:https://cxsecurity.com/cveshow/cve-2023-20032/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0953

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1077

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2023-20052

Trust: 0.2

url:https://github.com/marekbeckmann/clamav-installation-script

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.18.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5887-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.22.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/clamav/0.103.8+dfsg-0ubuntu0.20.04.1

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20796

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20792

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20785

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20803

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20771

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20770

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-20698

Trust: 0.1

sources: VULMON: CVE-2023-20032 // JVNDB: JVNDB-2023-004930 // PACKETSTORM: 171129 // PACKETSTORM: 174873 // CNNVD: CNNVD-202302-1351 // NVD: CVE-2023-20032

CREDITS

Ubuntu

Trust: 0.1

sources: PACKETSTORM: 171129

SOURCES

db:VULMONid:CVE-2023-20032
db:JVNDBid:JVNDB-2023-004930
db:PACKETSTORMid:171129
db:PACKETSTORMid:174873
db:CNNVDid:CNNVD-202302-1351
db:NVDid:CVE-2023-20032

LAST UPDATE DATE

2024-08-14T14:02:40.351000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-004930date:2023-11-06T01:15:00
db:CNNVDid:CNNVD-202302-1351date:2023-03-13T00:00:00
db:NVDid:CVE-2023-20032date:2024-01-25T17:15:25.840

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-004930date:2023-11-06T00:00:00
db:PACKETSTORMid:171129date:2023-02-27T14:51:49
db:PACKETSTORMid:174873date:2023-10-02T15:09:41
db:CNNVDid:CNNVD-202302-1351date:2023-02-16T00:00:00
db:NVDid:CVE-2023-20032date:2023-03-01T08:15:11.907