PT-2023-2421 · Clamav+5 · Clamav+5

Simon Scannell

·

Publicado

2023-02-16

·

Atualizado

2026-02-06

·

CVE-2023-20052

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier
Description The vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
Recommendations For ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier, consider disabling the DMG file parser until a patch is available. Restrict access to the ClamAV scanning process to minimize the risk of exploitation. Avoid using the XML entity substitution feature in the ClamAV scanning library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XML Entity Expansion

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-776CWE-611

Identificadores relacionados

ALT-PU-2023-1400
ALT-PU-2023-1436
ALT-PU-2023-1459
ALT-PU-2023-1474
AZL-13723
BDU:2023-02206
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2023-20052
DLA-3328-1
MGASA-2023-0068
OESA-2023-1169
OPENSUSE-SU-2024:12696-1
SUSE-SU-2023:0453-1
SUSE-SU-2023:0470-1
SUSE-SU-2023:0471-1
SUSE-SU-2023_0453-1
SUSE-SU-2023_0470-1
SUSE-SU-2023_0471-1
USN-5887-1

Produtos afetados

Alt Linux
Clamav
Linuxmint
Red Os
Suse
Ubuntu