---
licence_title: Creative Commons Attribution 4.0 International (CC-BY 4.0)
licence_link: https://creativecommons.org/licenses/by/4.0/
licence_restrictions: https://cert.europa.eu/legal-notice
licence_author: CERT-EU, The Cybersecurity Service for the European Union institutions, bodies, offices and agencies
title: 'ClamAV critical vulnerability'
version: '1.0'
number: '2023-011'
original_date: 'February 15, 2023'
date: 'February 20, 2023'
---

_History:_

* _20/02/2023 --- v1.0 -- Initial publication_

# Summary

On February 15th, 2023, the ClamAV project disclosed a critical vulnerability in its cross-platform antimalware toolkit [1]. The vulnerability, tracked as `CVE-2023-20032`, could lead to remote code execution.

# Technical Details

`CVE-2023-20032` lies in the HFS+ partition file parser of affected ClamAV versions and could allow an unauthenticated, remote attacker to execute arbitrary code. The root cause is a missing buffer size check, which can result in a heap buffer overflow write.

An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. Because ClamAV is commonly deployed to scan untrusted input automatically (for example, e-mail attachments on a mail gateway or user-uploaded files), no authentication or user interaction is needed beyond getting the file scanned. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or crash the process, resulting in a denial of service (DoS) condition [2].

# Affected Products

The vulnerability affects the following ClamAV versions:

- 0.103.7 and earlier
- 0.105.1 and earlier
- 1.0.0 and earlier

Moreover, ClamAV **0.104 has reached end-of-life** and will not be patched. Anyone using ClamAV 0.104 must switch to a supported version [1].

# Recommendations

CERT-EU recommends installing updates on all devices running ClamAV as soon as possible [1].

# References

[1]

[2]
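The version check below is an added example written for this advisory; it is not code from CERT-EU or the ClamAV project. It parses the output of `clamscan --version` (or `clamd --version`, which prints the same `ClamAV <version>/<db-version>/<db-date>` line) and classifies each host against the Affected Products list: 0.104 is flagged as end-of-life with no patch, and the fixed releases it assumes (0.103.8, 0.105.2 and 1.0.1) are inferred as the next patch release after each "and earlier" boundary. The host inventory is constructed sample data, not real hosts.

```python
import re
from typing import Dict, Tuple

Version = Tuple[int, int, int]

# First release on each supported branch that is NOT in the advisory's
# "and earlier" lists. Assumption: the fix shipped as the next patch
# release of each branch (0.103.8, 0.105.2, 1.0.1).
FIXED_IN: Dict[Tuple[int, int], Version] = {
    (0, 103): (0, 103, 8),
    (0, 105): (0, 105, 2),
    (1, 0): (1, 0, 1),
}

# Branch named by the advisory as end-of-life: affected, and no patch will ship.
EOL_BRANCHES = {(0, 104)}

VERSION_RE = re.compile(r"ClamAV\s+(\d+)\.(\d+)\.(\d+)")


def parse_clamav_version(output: str) -> Version:
    """Extract (major, minor, patch) from `clamscan --version` output.

    clamscan prints "ClamAV <version>", optionally followed by
    "/<signature-db-version>/<db-date>"; only the leading version matters.
    """
    m = VERSION_RE.search(output)
    if not m:
        raise ValueError(f"no ClamAV version in: {output!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def assess(version: Version) -> str:
    """Classify a ClamAV version against CVE-2023-20032.

    Returns one of:
      "not affected"  - at or above the first fixed release of its branch
      "affected"      - below the fix; upgrade within the branch or move to 1.0.1+
      "affected-eol"  - 0.104.x: no patch exists, migrate to a supported branch
    """
    branch = version[:2]
    if branch in EOL_BRANCHES:
        return "affected-eol"
    fix = FIXED_IN.get(branch)
    if fix is not None:
        return "not affected" if version >= fix else "affected"
    # Branches newer than 1.0 post-date the fix. Everything else that reaches
    # this point is older than 0.103 and therefore within "1.0.0 and earlier".
    if version >= (1, 0, 1):
        return "not affected"
    return "affected"


# Constructed sample inventory (hostname -> `clamscan --version` output).
SAMPLE_INVENTORY: Dict[str, str] = {
    "mailgw-01": "ClamAV 0.103.7/26825/Wed Feb 15 08:41:27 2023",
    "mailgw-02": "ClamAV 0.103.8/26830/Mon Feb 20 08:12:02 2023",
    "upload-scan": "ClamAV 0.104.4/26825/Wed Feb 15 08:41:27 2023",
    "fileshare": "ClamAV 0.105.1",
    "sandbox": "ClamAV 1.0.0/26825/Wed Feb 15 08:41:27 2023",
    "newbuild": "ClamAV 1.0.1/26830/Mon Feb 20 08:12:02 2023",
}


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to its CVE-2023-20032 status; unparseable output is flagged."""
    result: Dict[str, str] = {}
    for host, output in inventory.items():
        try:
            result[host] = assess(parse_clamav_version(output))
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Feed it the real output of `clamscan --version` collected from each host; hosts reporting `affected-eol` cannot be patched in place and must be migrated, and `unknown` means the command output did not look like a ClamAV version string and should be inspected by hand.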