Skip to main content

Out-of-bounds Write

CVE-2023-20032

Severity High
Score 9.8/10

Summary

A vulnerability in the HFS+ partition file parser of ClamAV, could allow an unauthenticated remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a Denial of Service (DoS) condition. This issue affects versions through 0.103.7, 0.104.0-rc2 through 0.105.1, and 1.0.0-rc through 1.0.0.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-787 - Out-of-Bounds Write

Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.

Advisory Timeline

  • Published