Out-of-bounds Write
CVE-2023-20032
Summary
A vulnerability in the HFS+ partition file parser of ClamAV, could allow an unauthenticated remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a Denial of Service (DoS) condition. This issue affects versions through 0.103.7, 0.104.0-rc2 through 0.105.1, and 1.0.0-rc through 1.0.0.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-787 - Out-of-Bounds Write
Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.
References
Advisory Timeline
- Published