On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-26 advisory.

  - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and     earlier, and 0.103.7and earlier could allow an unauthenticated, remote attacker to execute arbitrary     code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow     write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be     scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute     arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting     in a denial of service (DoS) condition. (CVE-2023-20032)

  - A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and     0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an     affected device. This vulnerability is due to enabling XML entity substitution that may result in XML     external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file     to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes     from any file that may be read by the ClamAV scanning process. (CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202310-01 (ClamAV: Multiple Vulnerabilities)

  - A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS     version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of     service condition on an affected device. The vulnerability is due to improper checks that may result in an     invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an     affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash,     resulting in a denial of service condition. (CVE-2022-20698)

  - On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier     and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV)     versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an     unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a     description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional     information becomes available. (CVE-2022-20770)

  - On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier     and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV)     versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an     unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a     description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional     information becomes available. (CVE-2022-20771)

  - On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier     and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV)     versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an     unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a     description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional     information becomes available. (CVE-2022-20785)

  - A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV)     versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated,     local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability     is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An     attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the     ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.
    (CVE-2022-20792)

  - On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier     and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4,     0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service     condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
    (CVE-2022-20796)

  - A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could     allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The     vulnerability is due to incorrect use of the realloc function that may result in a double-free. An     attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the     affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash,     resulting in a denial of service condition. (CVE-2022-20803)

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7     and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability     is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could     exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an     affected device. A successful exploit could allow the attacker to execute arbitrary code with the     privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service     (DoS) condition. For a description of this vulnerability, see the ClamAV blog     [https://blog.clamav.net/]. (CVE-2023-20032)

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier     could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
    This vulnerability is due to enabling XML entity substitution that may result in XML external entity     injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by     ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file     that may be read by the ClamAV scanning process. (CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of ClamAV installed on the remote host is prior to 0.103.8, 0.104.x prior to 0.105.2 or 1.0.x prior to 1.0.1. It is, therefore, affected by a remote code execution vulnerability in the HFS+ partition file parser of the ClamAV scanning library. An unauthenticated, remote attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. Successful exploitation could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities in the bundled ClamAV package, including:

  - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and     0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2023-20032)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-112 advisory.

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7     and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability     is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could     exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an     affected device. A successful exploit could allow the attacker to execute arbitrary code with the     privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service     (DoS) condition. For a description of this vulnerability, see the ClamAV blog     [https://blog.clamav.net/]. (CVE-2023-20032)

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier     could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
    This vulnerability is due to enabling XML entity substitution that may result in XML external entity     injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by     ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file     that may be read by the ClamAV scanning process. (CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of clamav installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-20032 advisory.

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7     and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability     is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could     exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an     affected device. A successful exploit could allow the attacker to execute arbitrary code with the     privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service     (DoS) condition. For a description of this vulnerability, see the ClamAV blog     [https://blog.clamav.net/]. (CVE-2023-20032)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to its version, the ClamAV clamd antivirus daemon running on the remote host is prior to 0.103.8, 0.104.x prior to 0.105.2, or 1.0.0. It is, therefore, affected by multiple vulnerabilities:

  - A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and     0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. (CVE-2023-20032)

  - A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and     earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
    (CVE-2023-20052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version   number.

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5887-1 advisory.

    Simon Scannell discovered that ClamAV incorrectly handled parsing HFS+ files. A remote attacker could     possibly use this issue to cause ClamAV to crash, resulting in a denial of service, or execute arbitrary     code. (CVE-2023-20032)

    Simon Scannell discovered that ClamAV incorrectly handled parsing DMG files. A remote attacker could     possibly use this issue to expose sensitive information. (CVE-2023-20052)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of clamav installed on the remote host is prior to 0.103.8-1.52. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1694 advisory.

  - - Fix daily.cvd file - Split out documentation into separate -doc sub-package - (#2128276) Please port     your pcre dependency to pcre2 - Explicit dependency on systemd since systemd-devel no longer has this     dependency on F37+ - (#2136977) not requires data(clamav) on clamav-libs - (#2023371) Add documentation to     preserve user permissions of DatabaseOwner  ----  ClamAV 0.103.8 is a critical patch release with the     following fixes:   *   CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>:
    Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions     1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting     this issue.   *   CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a     possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0     and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this     issue.  (CVE-2023-20032, CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of clamav installed on the remote host is prior to 0.103.8-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1964 advisory.

  - - Fix daily.cvd file - Split out documentation into separate -doc sub-package - (#2128276) Please port     your pcre dependency to pcre2 - Explicit dependency on systemd since systemd-devel no longer has this     dependency on F37+ - (#2136977) not requires data(clamav) on clamav-libs - (#2023371) Add documentation to     preserve user permissions of DatabaseOwner  ----  ClamAV 0.103.8 is a critical patch release with the     following fixes:   *   CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>:
    Fixed a possible remote code execution vulnerability in the HFS+ file parser. The issue affects versions     1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting     this issue.   *   CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a     possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0     and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this     issue.  (CVE-2023-20032, CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0471-1 advisory.

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7     and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability     is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could     exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an     affected device. A successful exploit could allow the attacker to execute arbitrary code with the     privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service     (DoS) condition. For a description of this vulnerability, see the ClamAV blog     [https://blog.clamav.net/]. (CVE-2023-20032)

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier     could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
    This vulnerability is due to enabling XML entity substitution that may result in XML external entity     injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by     ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file     that may be read by the ClamAV scanning process. (CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0470-1 advisory.

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7     and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability     is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could     exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an     affected device. A successful exploit could allow the attacker to execute arbitrary code with the     privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service     (DoS) condition. For a description of this vulnerability, see the ClamAV blog     [https://blog.clamav.net/]. (CVE-2023-20032)

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier     could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
    This vulnerability is due to enabling XML entity substitution that may result in XML external entity     injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by     ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file     that may be read by the ClamAV scanning process. (CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0453-1 advisory.

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7     and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability     is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could     exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an     affected device. A successful exploit could allow the attacker to execute arbitrary code with the     privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service     (DoS) condition. For a description of this vulnerability, see the ClamAV blog     [https://blog.clamav.net/]. (CVE-2023-20032)

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier     could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
    This vulnerability is due to enabling XML entity substitution that may result in XML external entity     injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by     ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file     that may be read by the ClamAV scanning process. (CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3ba365d538 advisory.

    - Fix daily.cvd file
    - Split out documentation into separate -doc sub-package
    - (#2128276) Please port your pcre dependency to pcre2
    - Explicit dependency on systemd since systemd-devel no longer has this dependency on F37+
    - (#2136977) not requires data(clamav) on clamav-libs
    - (#2023371) Add documentation to preserve user permissions of DatabaseOwner

    ----

    ClamAV 0.103.8 is a critical patch release with the following fixes:

     *   CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible     remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier,     0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

     *   CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible     remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and     earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this     issue.


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3328 advisory.

  - ClamAV 0.103.8 is a critical patch release with the following fixes:   *     CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible remote     code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier,     0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.   *     CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible remote     information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier,     0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.
    (CVE-2023-20032, CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d686b8d48f advisory.

    ClamAV 0.103.8 is a critical patch release with the following fixes:

     *   CVE-2023-20032<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032>: Fixed a possible     remote code execution vulnerability in the HFS+ file parser. The issue affects versions 1.0.0 and earlier,     0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this issue.

     *   CVE-2023-20052<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052>: Fixed a possible     remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and     earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Thank you to Simon Scannell for reporting this     issue.



Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fd792048-ad91-11ed-a879-080027f5fec9 advisory.

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7     and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability     is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could     exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an     affected device. A successful exploit could allow the attacker to execute arbitrary code with the     privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service     (DoS) condition. For a description of this vulnerability, see the ClamAV blog     [https://blog.clamav.net/]. (CVE-2023-20032)

  - On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability     in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier     could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
    This vulnerability is due to enabling XML entity substitution that may result in XML external entity     injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by     ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file     that may be read by the ClamAV scanning process. (CVE-2023-20052)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
183970	QNAP QTS / QuTS hero Multiple Vulnerabilities in ClamAV (QSA-23-26)	Nessus	Misc.	critical
182411	GLSA-202310-01 : ClamAV: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical
177449	ClamAV < 0.103.8 / 0.104.x < 0.105.2 / 1.0.x < 1.0.1 RCE	Nessus	Misc.	critical
173998	Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 38 / 9.0.0 < 9.0.0 Patch 31 Multiple Vulnerabilities in ClamAV	Nessus	CGI abuses	critical
173166	Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2023-112)	Nessus	Amazon Linux Local Security Checks	critical
172791	CBL Mariner 2.0 Security Update: clamav (CVE-2023-20032)	Nessus	MarinerOS Local Security Checks	critical
172281	ClamAV < 0.103.8 / 0.104.x < 0.105.2 / 1.0.0 Multiple Vulnerabilities	Nessus	Misc.	critical
171930	Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : ClamAV vulnerabilities (USN-5887-1)	Nessus	Ubuntu Local Security Checks	critical
171851	Amazon Linux AMI : clamav (ALAS-2023-1694)	Nessus	Amazon Linux Local Security Checks	critical
171832	Amazon Linux 2 : clamav (ALAS-2023-1964)	Nessus	Amazon Linux Local Security Checks	critical
171769	SUSE SLES12 Security Update : clamav (SUSE-SU-2023:0471-1)	Nessus	SuSE Local Security Checks	critical
171765	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : clamav (SUSE-SU-2023:0470-1)	Nessus	SuSE Local Security Checks	critical
171685	SUSE SLES12 Security Update : clamav (SUSE-SU-2023:0453-1)	Nessus	SuSE Local Security Checks	critical
171672	Fedora 36 : clamav (2023-3ba365d538)	Nessus	Fedora Local Security Checks	critical
171670	Debian DLA-3328-1 : clamav - LTS security update	Nessus	Debian Local Security Checks	critical
171629	Fedora 37 : clamav (2023-d686b8d48f)	Nessus	Fedora Local Security Checks	critical
171583	FreeBSD : clamav -- Multiple vulnerabilities (fd792048-ad91-11ed-a879-080027f5fec9)	Nessus	FreeBSD Local Security Checks	critical

Detections

Analytics

CVE-2023-20032

critical

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical