QID 378767

Date Published: 2023-08-14

QID 378767: ClamAV Multiple Vulnerabilities (CVE-2023-20032 and CVE-2023-20052)

Clam Antivirus (ClamAV) is an open source (GPL) antivirus toolkit, designed for email scanning on mail servers as a server side email virus scanner.

ClamAV is prone to two security vulnerabilities listed below:
1. CVE-2023-20032: Fixed a possible remote code execution vulnerability
2. CVE-2023-20052: Fixed a possible remote information leak vulnerability

Affected version
ClamAV versions prior to 0.103.8, 0.105.2 and 1.0.1

Detection Logic:(Authenticated)
This checks for vulnerable versions of ClamAV

Vulnerable versions of ClamAV is prone to Remote Code Execution and Information Leak vulnerabilities

CVSS V3 rated as Critical - 9.8 severity.

CVSS V2 rated as Critical - 10 severity.

Solution

Customers are advised to refer to ClamAV for more information pertaining to these vulnerabilities and their related patches.

Vendor References

ClamAV - blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

CVEs related to QID 378767

CVE-2023-20032 | CVE-2023-20052 |

Software Advisories

Advisory ID	Software	Component	Link
ClamAV			blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].