CVE-2023-20032: 
Clam AntiVirus vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-20032) was discovered in ClamAV's HFS+ partition file parser affecting versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. The vulnerability was disclosed on February 15, 2023, and received a Critical CVSS score of 9.8. ClamAV, an open-source antivirus toolkit designed primarily for email gateway scanning, was found to contain this serious security flaw that affects multiple products including Cisco Secure Endpoint for various platforms and Secure Web Appliance (Security Online).

The vulnerability stems from improper bounds checking in the HFS+ partition file parser, specifically due to a missing buffer size check that could result in a heap buffer overflow write. The flaw allows attackers to trigger a buffer overflow through specially crafted HFS+ partition files submitted for scanning. This technical issue was discovered alongside another vulnerability (CVE-2023-20052), which involved XML external entity injection with a CVSS score of 5.3 (Security Online).

A successful exploitation of this vulnerability could enable attackers to execute arbitrary code with the privileges of the ClamAV scanning process. Additionally, it could cause the application to crash, resulting in a denial of service (DoS) condition. The vulnerability affects various Cisco products including Secure Endpoint for Linux, MacOS, and Windows, as well as Secure Endpoint Private Cloud and Secure Web Appliance (Security Online).

ClamAV has released software updates to address this vulnerability. The fixed versions are 0.103.8, 0.105.2, and 1.0.1. According to the advisory, there are no workarounds available, making it crucial for users to update to the patched versions (Security Online).