CVE-2023-20052

Related Files

Gentoo Linux Security Advisory 202310-01

Posted Oct 2, 2023

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-1 - Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. Versions greater than or equal to 0.103.7 are affected.

tags | advisory, remote, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2022-20698, CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796, CVE-2022-20803, CVE-2023-20032, CVE-2023-20052

SHA-256 | ca1d69efc4a4e8857de6f7e66d60767c128e79bf7e3366220b15bc21ed14e66b

Download | Favorite | View

Ubuntu Security Notice USN-5887-1

Posted Feb 27, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5887-1 - Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary code. Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could possibly use this issue to expose sensitive information.

tags | advisory, remote, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2023-20032, CVE-2023-20052

SHA-256 | 30d0e5fa8fc60d8b3a9bade4aa193276d3da4ee86a87f963a16ee548f2905a89

Download | Favorite | View

Clam AntiVirus Toolkit 1.0.1

Posted Feb 15, 2023

Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software. This is the LTS source code release.

Changes: Fixed a possible remote code execution vulnerability in the HFS+ file parser. Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Fixed a possible remote information leak vulnerability in the DMG file parser. Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Fixed allmatch detection issue with the preclass bytecode hook. Updated vendored libmspack library to version 0.11alpha.

tags | tool, virus

systems | unix

advisories | CVE-2023-20032, CVE-2023-20052

SHA-256 | 0872dc1b82ff4cd7e8e4323faf5ee41a1f66ae80865d05429085b946355d86ee

Download | Favorite | View