ClamAV Exposed to WinRAR Code Execution Vulnerability (CVE-2023-40477)

August 30, 2023

In the modern era of rapid technological advancement, the protection of our digital data is of utmost importance. Antivirus software plays a crucial role in this defense mechanism, constantly working to detect and neutralize potential threats. One significant player in the antivirus arena is ClamAV – an open-source toolkit designed specifically for scanning emails on mail gateways.

Recently, a potential vulnerability associated with ClamAV has been identified. This flaw is connected to RARLAB’s WinRAR software and is identified as CVE-2023-40477. This vulnerability provides an opportunity for adversaries to remotely execute arbitrary code. The flaw originates from a buffer overflow issue that arises when processing recovery volume names in the obsolete RAR 3.0 format. To exploit this vulnerability, a user would need to unpack a RAR file located in the same directory as a REV file with a manipulated name. WinRAR has addressed and rectified this flaw in its 6.23 version.

The primary concern comes from “UnRAR”, an open-source library developed by WinRAR’s developers. ClamAV integrates this library under the name “libclamunrar”. As ClamAV explained in a blog post, “We are concerned that ClamAV may be affected by CVE-2023-40477.” In essence, an attacker could exploit the vulnerability by persuading an unsuspecting victim to open a manipulated file. The attacker could then execute arbitrary code within the context of the current process.

The affected ClamAV versions are 1.1.x prior to 1.1.2, 1.0.x prior to 1.0.3, and 0.103.x prior to 0.103.10. ClamAV has released versions 1.2.0, 1.1.1, 1.0.2, and 0.103.10 to patch the vulnerability. Users of ClamAV are advised to update to the latest version as soon as feasible.
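To check a fleet against the affected ranges given above, the following added example (not code from ClamAV or from this article's author) classifies `clamscan --version` banners using the "prior to" bounds as stated. The hostnames and banner lines in `SAMPLE` are constructed for illustration.

```python
import re

# First fixed patch level per affected branch, taken from the article's
# "prior to" bounds: 1.1.x < 1.1.2, 1.0.x < 1.0.3, 0.103.x < 0.103.10.
FIRST_FIXED = {(1, 1): 2, (1, 0): 3, (0, 103): 10}

# `clamscan --version` prints e.g. "ClamAV 1.0.1/26990/Mon Aug 28 07:26:13 2023"
BANNER_RE = re.compile(r"ClamAV (\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) as integers from a version banner."""
    match = BANNER_RE.search(banner)
    if match is None:
        raise ValueError(f"unrecognised ClamAV banner: {banner!r}")
    return tuple(int(part) for part in match.groups())


def classify(banner):
    """Return 'affected', 'patched' or 'not-listed' for one banner."""
    major, minor, patch = parse_version(banner)
    first_fixed = FIRST_FIXED.get((major, minor))
    if first_fixed is None:
        return "not-listed"  # branch the article does not name as affected
    # Integer comparison matters: as strings, "0.103.9" sorts after "0.103.10".
    return "affected" if patch < first_fixed else "patched"


def affected_hosts(inventory):
    """Given {host: banner}, return the sorted hosts needing an update."""
    return sorted(h for h, b in inventory.items() if classify(b) == "affected")


# Constructed sample inventory (hypothetical hostnames and banners).
SAMPLE = {
    "mx1": "ClamAV 1.0.1/26990/Mon Aug 28 07:26:13 2023",
    "mx2": "ClamAV 0.103.9/26990/Mon Aug 28 07:26:13 2023",
    "mx3": "ClamAV 0.103.10/26990/Mon Aug 28 07:26:13 2023",
    "mx4": "ClamAV 1.2.0/26990/Mon Aug 28 07:26:13 2023",
}

if __name__ == "__main__":
    print(affected_hosts(SAMPLE))
```

A "not-listed" result means only that the branch is not among those the article names as affected; it is not a statement that the build is free of the bundled UnRAR issue.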
