Vulnerability Details CVE-2023-20052
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:
A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.089
EPSS Ranking 92.1%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2023-20052
- cpe:2.3:a:cisco:secure_endpoint:-
- cpe:2.3:a:cisco:secure_endpoint:1.16.3
- cpe:2.3:a:cisco:secure_endpoint:1.17.2
- cpe:2.3:a:cisco:secure_endpoint:1.18.0
- cpe:2.3:a:cisco:secure_endpoint:1.18.1
- cpe:2.3:a:cisco:secure_endpoint:1.18.2
- cpe:2.3:a:cisco:secure_endpoint:6.0.7
- cpe:2.3:a:cisco:secure_endpoint:6.0.9
- cpe:2.3:a:cisco:secure_endpoint:6.1.5
- cpe:2.3:a:cisco:secure_endpoint:6.1.7
- cpe:2.3:a:cisco:secure_endpoint:6.1.9
- cpe:2.3:a:cisco:secure_endpoint:6.2.1
- cpe:2.3:a:cisco:secure_endpoint:6.2.19
- cpe:2.3:a:cisco:secure_endpoint:6.2.3
- cpe:2.3:a:cisco:secure_endpoint:6.2.5
- cpe:2.3:a:cisco:secure_endpoint:6.2.9
- cpe:2.3:a:cisco:secure_endpoint:6.3.1
- cpe:2.3:a:cisco:secure_endpoint:6.3.3
- cpe:2.3:a:cisco:secure_endpoint:6.3.5
- cpe:2.3:a:cisco:secure_endpoint:6.3.7
- cpe:2.3:a:cisco:secure_endpoint:7.0.5
- cpe:2.3:a:cisco:secure_endpoint:7.1.1
- cpe:2.3:a:cisco:secure_endpoint:7.1.5
- cpe:2.3:a:cisco:secure_endpoint:7.2.11
- cpe:2.3:a:cisco:secure_endpoint:7.2.13
- cpe:2.3:a:cisco:secure_endpoint:7.2.3
- cpe:2.3:a:cisco:secure_endpoint:7.2.5
- cpe:2.3:a:cisco:secure_endpoint:7.2.7
- cpe:2.3:a:cisco:secure_endpoint:7.3.1
- cpe:2.3:a:cisco:secure_endpoint:7.3.3
- cpe:2.3:a:cisco:secure_endpoint:7.3.5
- cpe:2.3:a:cisco:secure_endpoint:7.3.9
- cpe:2.3:a:cisco:secure_endpoint:7.5.5
- cpe:2.3:a:cisco:secure_endpoint:8.0.1.21160
- cpe:2.3:a:cisco:secure_endpoint:8.1.3
- cpe:2.3:a:cisco:secure_endpoint:8.1.3.21242
- cpe:2.3:a:cisco:secure_endpoint_private_cloud:*
- cpe:2.3:a:clamav:clamav:-
- cpe:2.3:a:clamav:clamav:0.01
- cpe:2.3:a:clamav:clamav:0.02
- cpe:2.3:a:clamav:clamav:0.03
- cpe:2.3:a:clamav:clamav:0.05
- cpe:2.3:a:clamav:clamav:0.10
- cpe:2.3:a:clamav:clamav:0.100.0
- cpe:2.3:a:clamav:clamav:0.100.1
- cpe:2.3:a:clamav:clamav:0.100.2
- cpe:2.3:a:clamav:clamav:0.101.0
- cpe:2.3:a:clamav:clamav:0.101.1
- cpe:2.3:a:clamav:clamav:0.101.2
- cpe:2.3:a:clamav:clamav:0.101.3
- cpe:2.3:a:clamav:clamav:0.101.4
- cpe:2.3:a:clamav:clamav:0.101.5
- cpe:2.3:a:clamav:clamav:0.102.0
- cpe:2.3:a:clamav:clamav:0.102.1
- cpe:2.3:a:clamav:clamav:0.102.2
- cpe:2.3:a:clamav:clamav:0.102.3
- cpe:2.3:a:clamav:clamav:0.102.4
- cpe:2.3:a:clamav:clamav:0.103.0
- cpe:2.3:a:clamav:clamav:0.103.1
- cpe:2.3:a:clamav:clamav:0.103.2
- cpe:2.3:a:clamav:clamav:0.103.3
- cpe:2.3:a:clamav:clamav:0.103.4
- cpe:2.3:a:clamav:clamav:0.103.5
- cpe:2.3:a:clamav:clamav:0.103.6
- cpe:2.3:a:clamav:clamav:0.103.7
- cpe:2.3:a:clamav:clamav:0.104.0
- cpe:2.3:a:clamav:clamav:0.104.1
- cpe:2.3:a:clamav:clamav:0.104.2
- cpe:2.3:a:clamav:clamav:0.104.3
- cpe:2.3:a:clamav:clamav:0.105.1
- cpe:2.3:a:clamav:clamav:0.12
- cpe:2.3:a:clamav:clamav:0.13
- cpe:2.3:a:clamav:clamav:0.14
- cpe:2.3:a:clamav:clamav:0.15
- cpe:2.3:a:clamav:clamav:0.20
- cpe:2.3:a:clamav:clamav:0.21
- cpe:2.3:a:clamav:clamav:0.22
- cpe:2.3:a:clamav:clamav:0.23
- cpe:2.3:a:clamav:clamav:0.24
- cpe:2.3:a:clamav:clamav:0.3
- cpe:2.3:a:clamav:clamav:0.51
- cpe:2.3:a:clamav:clamav:0.52
- cpe:2.3:a:clamav:clamav:0.53
- cpe:2.3:a:clamav:clamav:0.54
- cpe:2.3:a:clamav:clamav:0.60
- cpe:2.3:a:clamav:clamav:0.60p
- cpe:2.3:a:clamav:clamav:0.65
- cpe:2.3:a:clamav:clamav:0.66
- cpe:2.3:a:clamav:clamav:0.67
- cpe:2.3:a:clamav:clamav:0.67-1
- cpe:2.3:a:clamav:clamav:0.68
- cpe:2.3:a:clamav:clamav:0.68.1
- cpe:2.3:a:clamav:clamav:0.70
- cpe:2.3:a:clamav:clamav:0.70.0
- cpe:2.3:a:clamav:clamav:0.71
- cpe:2.3:a:clamav:clamav:0.71.0
- cpe:2.3:a:clamav:clamav:0.72
- cpe:2.3:a:clamav:clamav:0.72.0
- cpe:2.3:a:clamav:clamav:0.73
- cpe:2.3:a:clamav:clamav:0.73.0
- cpe:2.3:a:clamav:clamav:0.74
- cpe:2.3:a:clamav:clamav:0.74.0
- cpe:2.3:a:clamav:clamav:0.75
- cpe:2.3:a:clamav:clamav:0.75.0
- cpe:2.3:a:clamav:clamav:0.75.1
- cpe:2.3:a:clamav:clamav:0.8
- cpe:2.3:a:clamav:clamav:0.80
- cpe:2.3:a:clamav:clamav:0.80.0
- cpe:2.3:a:clamav:clamav:0.80_rc
- cpe:2.3:a:clamav:clamav:0.81
- cpe:2.3:a:clamav:clamav:0.81.0
- cpe:2.3:a:clamav:clamav:0.82
- cpe:2.3:a:clamav:clamav:0.82.0
- cpe:2.3:a:clamav:clamav:0.83
- cpe:2.3:a:clamav:clamav:0.83.0
- cpe:2.3:a:clamav:clamav:0.84
- cpe:2.3:a:clamav:clamav:0.84.0
- cpe:2.3:a:clamav:clamav:0.85
- cpe:2.3:a:clamav:clamav:0.85.0
- cpe:2.3:a:clamav:clamav:0.85.1
- cpe:2.3:a:clamav:clamav:0.86
- cpe:2.3:a:clamav:clamav:0.86.0
- cpe:2.3:a:clamav:clamav:0.86.1
- cpe:2.3:a:clamav:clamav:0.86.2
- cpe:2.3:a:clamav:clamav:0.87
- cpe:2.3:a:clamav:clamav:0.87.0
- cpe:2.3:a:clamav:clamav:0.87.1
- cpe:2.3:a:clamav:clamav:0.88
- cpe:2.3:a:clamav:clamav:0.88.0
- cpe:2.3:a:clamav:clamav:0.88.1
- cpe:2.3:a:clamav:clamav:0.88.2
- cpe:2.3:a:clamav:clamav:0.88.3
- cpe:2.3:a:clamav:clamav:0.88.4
- cpe:2.3:a:clamav:clamav:0.88.5
- cpe:2.3:a:clamav:clamav:0.88.6
- cpe:2.3:a:clamav:clamav:0.88.7
- cpe:2.3:a:clamav:clamav:0.88.7_p0
- cpe:2.3:a:clamav:clamav:0.88.7_p1
- cpe:2.3:a:clamav:clamav:0.9
- cpe:2.3:a:clamav:clamav:0.90
- cpe:2.3:a:clamav:clamav:0.90.0
- cpe:2.3:a:clamav:clamav:0.90.1
- cpe:2.3:a:clamav:clamav:0.90.1_p0
- cpe:2.3:a:clamav:clamav:0.90.2
- cpe:2.3:a:clamav:clamav:0.90.2_p0
- cpe:2.3:a:clamav:clamav:0.90.3
- cpe:2.3:a:clamav:clamav:0.90.3_p0
- cpe:2.3:a:clamav:clamav:0.90.3_p1
- cpe:2.3:a:clamav:clamav:0.91
- cpe:2.3:a:clamav:clamav:0.91.0
- cpe:2.3:a:clamav:clamav:0.91.1
- cpe:2.3:a:clamav:clamav:0.91.2
- cpe:2.3:a:clamav:clamav:0.91.2_p0
- cpe:2.3:a:clamav:clamav:0.92
- cpe:2.3:a:clamav:clamav:0.92.0
- cpe:2.3:a:clamav:clamav:0.92.1
- cpe:2.3:a:clamav:clamav:0.92_p0
- cpe:2.3:a:clamav:clamav:0.93
- cpe:2.3:a:clamav:clamav:0.93.0
- cpe:2.3:a:clamav:clamav:0.93.1
- cpe:2.3:a:clamav:clamav:0.93.2
- cpe:2.3:a:clamav:clamav:0.93.3
- cpe:2.3:a:clamav:clamav:0.94
- cpe:2.3:a:clamav:clamav:0.94.0
- cpe:2.3:a:clamav:clamav:0.94.1
- cpe:2.3:a:clamav:clamav:0.94.2
- cpe:2.3:a:clamav:clamav:0.95
- cpe:2.3:a:clamav:clamav:0.95.0
- cpe:2.3:a:clamav:clamav:0.95.1
- cpe:2.3:a:clamav:clamav:0.95.2
- cpe:2.3:a:clamav:clamav:0.95.3
- cpe:2.3:a:clamav:clamav:0.96
- cpe:2.3:a:clamav:clamav:0.96.0
- cpe:2.3:a:clamav:clamav:0.96.1
- cpe:2.3:a:clamav:clamav:0.96.2
- cpe:2.3:a:clamav:clamav:0.96.3
- cpe:2.3:a:clamav:clamav:0.96.4
- cpe:2.3:a:clamav:clamav:0.96.5
- cpe:2.3:a:clamav:clamav:0.97
- cpe:2.3:a:clamav:clamav:0.97.0
- cpe:2.3:a:clamav:clamav:0.97.1
- cpe:2.3:a:clamav:clamav:0.97.2
- cpe:2.3:a:clamav:clamav:0.97.3
- cpe:2.3:a:clamav:clamav:0.97.4
- cpe:2.3:a:clamav:clamav:0.97.5
- cpe:2.3:a:clamav:clamav:0.97.6
- cpe:2.3:a:clamav:clamav:0.97.7
- cpe:2.3:a:clamav:clamav:0.97.8
- cpe:2.3:a:clamav:clamav:0.98.0
- cpe:2.3:a:clamav:clamav:0.98.1
- cpe:2.3:a:clamav:clamav:0.98.3
- cpe:2.3:a:clamav:clamav:0.98.4
- cpe:2.3:a:clamav:clamav:0.98.5
- cpe:2.3:a:clamav:clamav:0.98.6
- cpe:2.3:a:clamav:clamav:0.98.7
- cpe:2.3:a:clamav:clamav:0.99.0
- cpe:2.3:a:clamav:clamav:0.99.1
- cpe:2.3:a:clamav:clamav:0.99.2
- cpe:2.3:a:clamav:clamav:0.99.3
- cpe:2.3:a:clamav:clamav:0.99.4
- cpe:2.3:a:clamav:clamav:1.0.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.0.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.0.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.0.2
- cpe:2.3:a:stormshield:stormshield_network_security:3.0.3
- cpe:2.3:a:stormshield:stormshield_network_security:3.1.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.1.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.1.2
- cpe:2.3:a:stormshield:stormshield_network_security:3.10.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.12
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.13
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.17
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.18
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.19
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.20
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.21
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.22
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.4
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.5
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.8
- cpe:2.3:a:stormshield:stormshield_network_security:3.11.9
- cpe:2.3:a:stormshield:stormshield_network_security:3.2.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.2.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.3.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.3.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.3.2
- cpe:2.3:a:stormshield:stormshield_network_security:3.4.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.4.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.4.2
- cpe:2.3:a:stormshield:stormshield_network_security:3.4.3
- cpe:2.3:a:stormshield:stormshield_network_security:3.5.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.5.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.5.2
- cpe:2.3:a:stormshield:stormshield_network_security:3.6.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.6.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.10
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.13
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.16
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.17
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.20
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.21
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.24
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.25
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.29
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.30
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.33
- cpe:2.3:a:stormshield:stormshield_network_security:3.7.34
- cpe:2.3:a:stormshield:stormshield_network_security:3.8.0
- cpe:2.3:a:stormshield:stormshield_network_security:3.8.1
- cpe:2.3:a:stormshield:stormshield_network_security:3.9.1
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.0
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.10
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.11
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.12
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.12.1
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.13
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.14
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.15
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.16
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.3
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.4
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.5
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.6
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.7
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.8
- cpe:2.3:a:stormshield:stormshield_network_security:4.3.9
- cpe:2.3:a:stormshield:stormshield_network_security:4.4.0
- cpe:2.3:a:stormshield:stormshield_network_security:4.4.1
- cpe:2.3:a:stormshield:stormshield_network_security:4.5.1
- cpe:2.3:a:stormshield:stormshield_network_security:4.5.2
- cpe:2.3:a:stormshield:stormshield_network_security:4.5.3
- cpe:2.3:a:stormshield:stormshield_network_security:4.5.4
- cpe:2.3:a:stormshield:stormshield_network_security:4.6.0
- cpe:2.3:a:stormshield:stormshield_network_security:4.6.1
- cpe:2.3:a:stormshield:stormshield_network_security:4.6.2
- cpe:2.3:a:stormshield:stormshield_network_security:4.6.3