VDB
CVE-2023-20032
CVE-2023-20032
PUBLISHED
CVSS 7.800000190734863 HIGH
A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An authenticated attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.
EPSS 7.12% · 91.7th percentile
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/RC:C
EPSS Score
7.12%
91.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | ABB M2M Gateway ARM600, firmware versions >=4.1.2|<=5.0.3 | |
| ABB | ABB M2M Gateway SW, software versions >=5.0.1|<=5.0.3 |
Timeline
- Feb 16, 2023 CVE Published
- Mar 1, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 18, 2023 EPSS Score
- Jun 26, 2023 EPSS Score
- Sep 13, 2023 EPSS Score
- Nov 30, 2023 EPSS Score
- Feb 16, 2024 EPSS Score
- Mar 26, 2024 EPSS Score
- Jun 12, 2024 EPSS Score
- Aug 2, 2024 CVE Updated
- Aug 29, 2024 EPSS Score
References
- https://psirt.abb.com/csaf/2025/2nga002579.json advisory
- https://library.e.abb.com/public/ffab1a14a42646c6adee38fc3de61dad/Arctic_csdepl_758860_ENf.pdf advisory
- https://library.e.abb.com/public/0498e4c0babd46aa9243aedd6f99c375/ARM600_user_758861_ENk.pdf advisory
- https://new.abb.com/service/electrification/life-cycle-management?pe_data=D42415F457244415145784545584371%7C29609824 advisory
- https://search.abb.com/library/Download.aspx?DocumentID=2NGA002579&LanguageCode=en&DocumentPartId=pdf&Action=Launch advisory
- https://search.abb.com/library/Download.aspx?DocumentID=1MRS758860&LanguageCode=en&DocumentPartId=&Action=Launch advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-20032 advisory