Search for vulnerabilities
Vulnerability details: VCID-vk8j-ajg7-5uea
Vulnerability ID VCID-vk8j-ajg7-5uea
Aliases CVE-2023-20197
Summary A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog .
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
System Score Found at
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
epss 0.00365 https://api.first.org/data/v1/epss?cve=CVE-2023-20197
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-20197
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-20197
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-rNwNEEee
1050057 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050057
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:linux:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:macos:*:*
cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
CVE-2023-20197 https://nvd.nist.gov/vuln/detail/CVE-2023-20197
USN-6303-1 https://usn.ubuntu.com/6303-1/
USN-6303-2 https://usn.ubuntu.com/6303-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-20197
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.57793
EPSS Score 0.00365
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:36:46.855324+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/6303-2/ 37.0.0