CVE-2023-20197

Summary

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Endpoint6.0.9affected
CiscoCisco Secure Endpoint6.0.7affected
CiscoCisco Secure Endpoint6.1.5affected
CiscoCisco Secure Endpoint6.1.7affected
CiscoCisco Secure Endpoint6.1.9affected
CiscoCisco Secure Endpoint6.2.1affected
CiscoCisco Secure Endpoint6.2.5affected
CiscoCisco Secure Endpoint6.2.19affected
CiscoCisco Secure Endpoint6.2.9affected
CiscoCisco Secure Endpoint6.3.5affected
CiscoCisco Secure Endpoint6.3.1affected
CiscoCisco Secure Endpoint6.3.7affected
CiscoCisco Secure Endpoint6.3.3affected
CiscoCisco Secure Endpoint7.0.5affected
CiscoCisco Secure Endpoint7.1.1affected
CiscoCisco Secure Endpoint7.1.5affected
CiscoCisco Secure Endpoint1.12.1affected
CiscoCisco Secure Endpoint1.12.2affected
CiscoCisco Secure Endpoint1.12.5affected
CiscoCisco Secure Endpoint1.12.0affected
CiscoCisco Secure Endpoint1.12.6affected
CiscoCisco Secure Endpoint1.12.3affected
CiscoCisco Secure Endpoint1.12.7affected
CiscoCisco Secure Endpoint1.12.4affected
CiscoCisco Secure Endpoint1.13.0affected
CiscoCisco Secure Endpoint1.13.1affected
CiscoCisco Secure Endpoint1.13.2affected
CiscoCisco Secure Endpoint1.11.0affected
CiscoCisco Secure Endpoint1.10.2affected
CiscoCisco Secure Endpoint1.10.1affected
CiscoCisco Secure Endpoint1.10.0affected
CiscoCisco Secure Endpoint1.14.0affected
CiscoCisco Secure Endpoint1.6.0affected
CiscoCisco Secure Endpoint1.9.0affected
CiscoCisco Secure Endpoint1.9.1affected
CiscoCisco Secure Endpoint1.8.1affected
CiscoCisco Secure Endpoint1.8.0affected
CiscoCisco Secure Endpoint1.8.4affected
CiscoCisco Secure Endpoint1.7.0affected
CiscoCisco Secure Endpoint7.2.13affected
CiscoCisco Secure Endpoint7.2.7affected
CiscoCisco Secure Endpoint7.2.3affected
CiscoCisco Secure Endpoint7.2.11affected
CiscoCisco Secure Endpoint7.2.5affected
CiscoCisco Secure Endpoint7.3.3affected
CiscoCisco Secure Endpoint7.3.5affected
CiscoCisco Secure Endpoint8.1.5affected
CiscoCisco Secure Endpoint Private Cloud ConsoleN/Aaffected

Weaknesses

  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CVE Program Container

Additional References

References