
Recently, researchers found two critical flaws in the ClamAV open-source antivirus engine. These network security issues can lead to Remote Code Execution (RCE) and remote information leakage on susceptible devices. ClamAV has now released patch versions addressing these dangerous cybersecurity vulnerabilities. This article will discuss the flaws' discovery, their impact, and how to protect against this network security threat.

The Discovery & The Impact

An RCE vulnerability (CVE-2023-20032) was discovered in the HFS+ file parser. This network security threat received a CVSS score of 9.8 out of 10 in the National Vulnerability Database and affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier.

Cisco Talos states, “This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.” Successful exploitation could let an attacker run arbitrary code with the same privileges as the ClamAV scanning process, or crash the system and cause a Denial-of-Service (DoS) condition.

The second network security threat is a vulnerability to remote information leakage in the DMG file parser (CVE-2023-20052). The bug affects 1.0.0, 0.105.1, 0.103.7, and earlier versions.

Cisco Talos notes, “This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device.”

What Can I Do to Protect Against These Bugs?


ClamAV has released patch versions 0.103.8, 0.105.2, and 1.0.1 that mitigate these network security issues. Fedora has also created a security advisory for these cybersecurity vulnerabilities. ClamAV states, “All users should update as soon as possible to patch for two remote code execution vulnerabilities that we recently discovered and patched.”
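To triage hosts against the version ranges above, the following added example (not code from ClamAV or from this article's sources) classifies the version string printed by `clamscan --version`. The function names and sample lines are constructed for illustration, and it assumes that release lines with no fixed version named here, such as 0.104.x, count as "earlier versions" and remain affected.

```shell
#!/bin/sh
# Added example: classify a ClamAV version against the fixed releases
# named in the article: 0.103.8, 0.105.2 and 1.0.1.

# Pull "X.Y.Z" out of `clamscan --version` output such as
# "ClamAV 0.103.7/26800/Tue Feb 14 08:30:00 2023"; suffixes like "-rc" are dropped.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^ClamAV \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print "affected", "patched" or "unknown" for a version string X.Y.Z.
clamav_status() {
    ver=$1
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    case "$major$minor$patch" in
        *[!0-9]*) echo unknown; return 0 ;;   # extra dots or stray characters
    esac
    if [ "$major" -ge 1 ]; then
        # 1.0.0 is affected; 1.0.1 and anything later is fixed.
        if [ "$major" -gt 1 ] || [ "$minor" -ge 1 ] || [ "$patch" -ge 1 ]; then
            echo patched; else echo affected; fi
    elif [ "$minor" -gt 105 ]; then
        echo unknown                          # no such 0.x release line
    elif [ "$minor" -eq 105 ]; then
        if [ "$patch" -ge 2 ]; then echo patched; else echo affected; fi
    elif [ "$minor" -eq 103 ]; then
        if [ "$patch" -ge 8 ]; then echo patched; else echo affected; fi
    else
        # Assumption: lines with no fixed release listed (0.104.x, < 0.103)
        # fall under "earlier versions" and stay affected.
        echo affected
    fi
}

# Constructed sample lines in the format `clamscan --version` prints.
while IFS= read -r line; do
    printf '%-48s %s\n' "$line" "$(clamav_status "$(extract_version "$line")")"
done <<'EOF'
ClamAV 0.103.7/26800/Tue Feb 14 08:30:00 2023
ClamAV 0.104.4/26812/Sun Feb 19 08:30:00 2023
ClamAV 1.0.1/26815/Wed Feb 22 08:30:00 2023
EOF
```

On a real host, pass the output of `clamscan --version` to `extract_version` instead of the sample lines; distribution packages that backport fixes without changing the upstream version number need to be checked against the distribution's own advisory.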

The release files are available for download on ClamAV.net, the GitHub Release page, and through Docker Hub. We urge all users to update now to protect against attacks that could lead to compromise and to prevent unauthorized disclosure of sensitive information. Be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use to stay up-to-date on the latest, most significant problems impacting your systems' data and network security.