Vulnerability in ClamAV

A CVE has been detected in the virusscanner ClamAV. I’m writing this post to notify my community because I write a lot about Synology.

Overview

Multiple vulnerabilities allow remote attackers to possibly execute arbitrary code or local users to obtain sensitive information via a susceptible version of Antivirus Essential, Synology Mail Server, and Synology MailPlus Server.

• Synology CVE Status
• CVE-2023-20032
• CVE-2023-20052

What is a CVE?

CVE stands for Common Vulnerabilities and Exposures, a CVE provides a reference method for publicly known information security vulnerabilities and exposures. More information: Wikipedia CVE

Actions

The advice is to update the following Synology packages as soon as the update is available.

• Antivirus Essential
• Synology Mail Server
• Synology MailPlus Server

Tags

• Synology
• DSM6
• DSM7
• Security