CVE-2023-20052
Published: 2023-03-01
Priority: P3 · 36 · medium · 5.3 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EPSS: 6.68% (93.1th percentile)
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
Affected
71 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_secure_endpoint | — | — |
CVSS provenance
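| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| osv | 9.8 | CRITICAL | — |
| vendor_ubuntu | 9.8 | CRITICAL | — |
| vendor_cisco | 5.3 | MEDIUM | — |
| vendor_debian | 5.3 | MEDIUM | — |
| vendor_msrc | 5.3 | MEDIUM | — |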
OSV
CVE-2023-20052: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1
osv·2023-03-01·CVSS 5.3
CVE-2023-20052 [MEDIUM] CVE-2023-20052: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1
GHSA
GHSA-pcr4-7r58-755h: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1
ghsa_unreviewed·2023-03-01
CVE-2023-20052 [MEDIUM] CWE-611 GHSA-pcr4-7r58-755h: On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1
OSV
clamav vulnerabilities
osv·2023-02-27·CVSS 9.8
CVE-2023-20032 [CRITICAL] clamav vulnerabilities
clamav vulnerabilities
Simon Scannell discovered that ClamAV incorrectly handled parsing
HFS+ files. A remote attacker could possibly use this issue
to cause ClamAV to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2023-20032)
Simon Scannell discovered that ClamAV incorrectly handled parsing
DMG files. A remote attacker could possibly use this issue
to expose sensitive information. (CVE-2023-20052)
Ubuntu
ClamAV vulnerabilities
vendor_ubuntu·2023-02-27·CVSS 9.8
CVE-2023-20032 [CRITICAL] ClamAV vulnerabilities
Title: ClamAV vulnerabilities
Summary: Several security issues were fixed in ClamAV.
Simon Scannell discovered that ClamAV incorrectly handled parsing
HFS+ files. A remote attacker could possibly use this issue
to cause ClamAV to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2023-20032)
Simon Scannell discovered that ClamAV incorrectly handled parsing
DMG files. A remote attacker could possibly use this issue
to expose sensitive information. (CVE-2023-20052)
Instructions: This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
Cisco
ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023
vendor_cisco·2023-02-15·CVSS 5.3
CVE-2023-20052 [MEDIUM] CWE-611 ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023
ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
For a description of
Microsoft
On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.
vendor_msrc·2023-02-14·CVSS 5.3
CVE-2023-20052 [MEDIUM] CWE-776 On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.
On Feb 15 2023 the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier 0.105.1 and earlier and 0.103.7 and earlier could allow an unauthenticated remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affecte
Debian
CVE-2023-20052: clamav - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was ...
vendor_debian·2023·CVSS 5.3
CVE-2023-20052 [MEDIUM] CVE-2023-20052: clamav - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was ...
Scope: local
bookworm: resolved (fixed in 1.0.1+dfsg-1)
bullseye: resolved (fixed in 0.103.8+dfsg-0+deb11u1)
forky: resolved
Cisco
ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023
vendor_cisco·CVSS 3.1
CVE-2023-20052 ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023
CVE-2023-20052: ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. For a des
No detection rules found.
No public exploits indexed.
Sentinelone
CVE-2023-20052: ClamAV XXE Vulnerability
blogs_sentinelone·2023-03-03·CVSS 5.3
CVE-2023-20052 [MEDIUM] CVE-2023-20052: ClamAV XXE Vulnerability
CVE-2023-20052 is a possible remote information leak vulnerability (XXE) in the DMG file parser of ClamAV. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Attackers can exploit this vulnerability to gain unauthorized access to sensitive data, execute malicious code, and cause denial of service attacks.
## Understanding the CVE-2023-20052 ClamAV XXE Vulnerability
The vulnerability is classified as an XML external entity injection (XXE) vulnerability with a CVSS score of 5.3, which is considered medium.
ClamAV is vulnerable to an XML external entity injection (XXE) attack when processing XML data caused by enabling an XML entity substitution. By sending a specially crafted DMG file to ClamAV, which scans this document and executes the embedded
Sentinelone
CVE-2022-47966: Zoho ManageEngine Vulnerability
blogs_sentinelone·2023-02-24·CVSS 9.8
CVE-2022-47966 [CRITICAL] CVE-2022-47966: Zoho ManageEngine Vulnerability
In October 2022, a critical vulnerability was discovered in the SAML authentication feature of the software, which could allow an attacker to bypass authentication, gain unauthorized access, and execute arbitrary code on the affected system. The vulnerability has been assigned as CVE-2022-47966.
## SAML Information Flow
Before we dive into the technical details, let’s discuss what SAML is and how it works. SAML (Security Assertion Markup Language) is an XML-based protocol used for exchanging authentication and authorization data between parties, specifically between an identity provider (IdP) and a service provider (SP).
The SAML process involves three parties: the user, the SP, and the IdP.
First, the user requests access to a protected resource on the SP’s server.
The SP then reques
Published: 2023-03-01