{"api_version":"1","generated_at":"2026-04-22T22:49:47+00:00","cve":"CVE-2023-20052","urls":{"html":"https://cve.report/CVE-2023-20052","api":"https://cve.report/api/cve/CVE-2023-20052.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-20052","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-20052"},"summary":{"title":"CVE-2023-20052","description":"On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2023-03-01 08:15:00","updated_at":"2024-01-25 17:15:00"},"problem_types":["CWE-776"],"metrics":[],"references":[{"url":"https://security.gentoo.org/glsa/202310-01","name":"https://security.gentoo.org/glsa/202310-01","refsource":"MISC","tags":[],"title":"ClamAV: Multiple Vulnerabilities (GLSA 202310-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN","refsource":"MISC","tags":[],"title":"ClamAV DMG File Parsing XML Entity Expansion Vulnerability Affecting Cisco Products: February 2023","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-20052","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-20052","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_endpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"linux","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_endpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"macos","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_endpoint","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"windows","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"secure_endpoint_private_cloud","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"1.0.0","cpe7":"-","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"1.0.0","cpe7":"rc","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"1.0.0","cpe7":"rc2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"0.103.7","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"0.105.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"20052","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"stormshield","cpe5":"stormshield_network_security","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-20052","qid":"181595","title":"Debian Security Update for clamav (DLA 3328-1)"},{"cve":"CVE-2023-20052","qid":"182844","title":"Debian Security Update for clamav (CVE-2023-20052)"},{"cve":"CVE-2023-20052","qid":"199187","title":"Ubuntu Security Notification for ClamAV Vulnerabilities (USN-5887-1)"},{"cve":"CVE-2023-20052","qid":"283722","title":"Fedora Security Update for clamav (FEDORA-2023-d686b8d48f)"},{"cve":"CVE-2023-20052","qid":"283724","title":"Fedora Security Update for clamav (FEDORA-2023-3ba365d538)"},{"cve":"CVE-2023-20052","qid":"354748","title":"Amazon Linux Security Advisory for clamav : ALAS-2023-1694"},{"cve":"CVE-2023-20052","qid":"354777","title":"Amazon Linux Security Advisory for clamav : ALAS2-2023-1964"},{"cve":"CVE-2023-20052","qid":"355247","title":"Amazon Linux Security Advisory for clamav : ALAS2023-2023-112"},{"cve":"CVE-2023-20052","qid":"378767","title":"ClamAV Multiple Vulnerabilities (CVE-2023-20032 and CVE-2023-20052)"},{"cve":"CVE-2023-20052","qid":"502833","title":"Alpine Linux Security Update for clamav"},{"cve":"CVE-2023-20052","qid":"503152","title":"Alpine Linux Security Update for clamav"},{"cve":"CVE-2023-20052","qid":"505991","title":"Alpine Linux Security Update for clamav"},{"cve":"CVE-2023-20052","qid":"691062","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for clamav (fd792048-ad91-11ed-a879-080027f5fec9)"},{"cve":"CVE-2023-20052","qid":"710761","title":"Gentoo Linux ClamAV Multiple Vulnerabilities (GLSA 202310-01)"},{"cve":"CVE-2023-20052","qid":"753723","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2023:0453-1)"},{"cve":"CVE-2023-20052","qid":"753774","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2023:0471-1)"},{"cve":"CVE-2023-20052","qid":"753775","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2023:0471-1)"},{"cve":"CVE-2023-20052","qid":"753776","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2023:0470-1)"},{"cve":"CVE-2023-20052","qid":"905640","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for clamav (13723)"},{"cve":"CVE-2023-20052","qid":"905694","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for clamav (13723-1)"},{"cve":"CVE-2023-20052","qid":"906617","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for clamav (13723-3)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-20052","ASSIGNER":"psirt@cisco.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r \r This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Cisco","product":{"product_data":[{"product_name":"Cisco AMP for Endpoints","version":{"version_data":[{"version_affected":"=","version_value":"6.0.9"},{"version_affected":"=","version_value":"6.0.7"},{"version_affected":"=","version_value":"6.1.5"},{"version_affected":"=","version_value":"6.1.7"},{"version_affected":"=","version_value":"6.1.9"},{"version_affected":"=","version_value":"6.2.1"},{"version_affected":"=","version_value":"6.2.5"},{"version_affected":"=","version_value":"6.2.19"},{"version_affected":"=","version_value":"6.2.3"},{"version_affected":"=","version_value":"6.2.9"},{"version_affected":"=","version_value":"6.3.5"},{"version_affected":"=","version_value":"6.3.1"},{"version_affected":"=","version_value":"6.3.7"},{"version_affected":"=","version_value":"6.3.3"},{"version_affected":"=","version_value":"7.0.5"},{"version_affected":"=","version_value":"7.1.1"},{"version_affected":"=","version_value":"7.1.5"},{"version_affected":"=","version_value":"1.12.1"},{"version_affected":"=","version_value":"1.12.2"},{"version_affected":"=","version_value":"1.12.5"},{"version_affected":"=","version_value":"1.12.0"},{"version_affected":"=","version_value":"1.12.6"},{"version_affected":"=","version_value":"1.12.3"},{"version_affected":"=","version_value":"1.12.7"},{"version_affected":"=","version_value":"1.12.4"},{"version_affected":"=","version_value":"1.13.0"},{"version_affected":"=","version_value":"1.13.1"},{"version_affected":"=","version_value":"1.13.2"},{"version_affected":"=","version_value":"1.11.1"},{"version_affected":"=","version_value":"1.11.0"},{"version_affected":"=","version_value":"1.10.2"},{"version_affected":"=","version_value":"1.10.1"},{"version_affected":"=","version_value":"1.10.0"},{"version_affected":"=","version_value":"1.14.0"},{"version_affected":"=","version_value":"1.6.0"},{"version_affected":"=","version_value":"1.9.0"},{"version_affected":"=","version_value":"1.9.1"},{"version_affected":"=","version_value":"1.8.1"},{"version_affected":"=","version_value":"1.8.0"},{"version_affected":"=","version_value":"1.8.4"},{"version_affected":"=","version_value":"1.7.0"},{"version_affected":"=","version_value":"7.2.13"},{"version_affected":"=","version_value":"7.2.7"},{"version_affected":"=","version_value":"7.2.3"},{"version_affected":"=","version_value":"7.2.11"},{"version_affected":"=","version_value":"7.2.5"},{"version_affected":"=","version_value":"7.3.1"},{"version_affected":"=","version_value":"7.3.9"},{"version_affected":"=","version_value":"7.3.3"},{"version_affected":"=","version_value":"7.3.5"}]}}]}}]}},"references":{"reference_data":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN","refsource":"MISC","name":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-xxe-TcSZduhN"},{"url":"https://security.gentoo.org/glsa/202310-01","refsource":"MISC","name":"https://security.gentoo.org/glsa/202310-01"}]},"source":{"advisory":"cisco-sa-clamav-xxe-TcSZduhN","discovery":"EXTERNAL","defects":["CSCwd87111","CSCwd87112","CSCwd87113"]},"exploit":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"impact":{"cvss":[{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}]}},"nvd":{"publishedDate":"2023-03-01 08:15:00","lastModifiedDate":"2024-01-25 17:15:00","problem_types":["CWE-776"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*","versionEndExcluding":"3.6.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*","versionStartIncluding":"8.0.1.21160","versionEndExcluding":"8.1.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*","versionEndExcluding":"7.5.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*","versionEndExcluding":"1.20.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*","versionEndExcluding":"1.21.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:1.0.0:rc:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:1.0.0:rc2:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:1.0.0:-:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*","versionEndIncluding":"0.103.7","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*","versionStartIncluding":"0.104.0","versionEndIncluding":"0.105.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4.0","versionEndExcluding":"4.6.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.17","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.11.23","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.7.35","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}