FEBRUARY 21, 2023
A critical remote code execution vulnerability has been discovered in ClamAV, Cisco's open-source (GPLv2) anti-virus software, which is designed for email scanning, especially on mail gateways.
The vulnerability, identified as CVE-2023-20032, is caused by a memory error resulting from a missing buffer size check in the HFS+ file parser component. Threat actors can exploit it by sending a crafted HFS+ partition file to be scanned by ClamAV on a vulnerable device. Successful exploitation can result in the execution of arbitrary code with the same privileges as the ClamAV scanning process or a denial of service (DoS) condition.
It has been confirmed that the Secure Email Gateway and Secure Email and Web Manager products are not affected by the vulnerability.
In addition to the above vulnerability, a ClamAV information disclosure vulnerability affecting the DMG file parser, tracked as CVE-2023-20052, has also been resolved with the release of versions 0.103.8, 0.105.2, and 1.0.1. It is therefore recommended to apply the released updates promptly to avoid being targeted by attacks that exploit these vulnerabilities.
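To check hosts against the fixed releases listed above, the following added example (not code from Cisco or the ClamAV project) classifies the version string printed by `clamscan --version`. The function names and status words are illustrative assumptions, the sample strings are constructed, and release branches the advisory does not name are reported for manual review rather than guessed.

```shell
#!/bin/sh
# Added example: compare a ClamAV version string with the fixed releases
# named in this advisory (0.103.8, 0.105.2, 1.0.1). Names are hypothetical.

# Fixed patch level for each release branch named in the advisory.
fixed_patch_for_branch() {
    case "$1" in
        0.103) echo 8 ;;
        0.105) echo 2 ;;
        1.0)   echo 1 ;;
        *)     return 1 ;;   # branch not named in the advisory
    esac
}

# Usage: clamav_patch_status "ClamAV 0.103.7/26815/Mon Feb 20 09:29:36 2023"
# Prints one of: patched | vulnerable | unlisted-branch | unparsed
clamav_patch_status() {
    # Extract the first MAJOR.MINOR.PATCH triple from the string.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1)
    [ -n "$ver" ] || { echo unparsed; return 0; }
    branch=${ver%.*}     # e.g. 0.103
    patch=${ver##*.}     # e.g. 7
    if ! fixed=$(fixed_patch_for_branch "$branch"); then
        echo unlisted-branch   # needs manual review against vendor guidance
        return 0
    fi
    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo vulnerable; fi
}

# Constructed sample version strings, for demonstration only.
for sample in \
    "ClamAV 0.103.7/26815/Mon Feb 20 09:29:36 2023" \
    "ClamAV 0.105.2/26820/Sat Feb 25 09:30:00 2023" \
    "ClamAV 1.0.0/26815/Mon Feb 20 09:29:36 2023"
do
    printf '%s -> %s\n' "$sample" "$(clamav_patch_status "$sample")"
done

# If clamscan is installed on this host, classify it as well.
if command -v clamscan >/dev/null 2>&1; then
    printf 'local -> %s\n' "$(clamav_patch_status "$(clamscan --version)")"
fi
```

Distribution packages sometimes backport fixes without changing the upstream version number, so a "vulnerable" result from a vendor-packaged build should be confirmed against that vendor's security tracker.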