exploitDog

CVE-2023-5760

Опубликовано: 08 нояб. 2023

Источник: nvd

CVSS3: 8.2

CVSS3: 7

EPSS Низкий

Описание

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.

Ссылки

https://support.norton.com/sp/static/external/tools/security-advisories.html
Third Party Advisory
https://support.norton.com/sp/static/external/tools/security-advisories.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avast:avg_antivirus:23.8:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00098

Низкий

8.2 High

CVSS3

7 High

CVSS3

Дефекты

CWE-367

CWE-367

Связанные уязвимости

GHSA-c65v-cwf9-f69v

github

около 2 лет назад

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.

EPSS

Процентиль: 28%

0.00098

Низкий

8.2 High

CVSS3

7 High

CVSS3

Дефекты

CWE-367

CWE-367