Lucene search

[email protected]CVE-2022-4291

HistoryDec 08, 2022 - 12:15 a.m.

CVE-2022-4291

2022-12-0800:15:10

CWE-119

CWE-787

[email protected]

web.nvd.nist.gov

avast

antivirus

aswjsflt.dll

heap corruption

vulnerability

exploit

bypass sandbox

script shield component

nvd

cve-2022-4291

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.

Affected configurations

NVD

Node

avastscript_shieldRange≤18.0.1473.0

CPENameOperatorVersion
avast:script_shieldavast script shieldle18.0.1473.0

CPE	Name	Operator	Version
avast:script_shield	avast script shield	le	18.0.1473.0

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Script Shield"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Avast Antivirus",
    "vendor": "NortonLifelock",
    "versions": [
      {
        "lessThanOrEqual": "18.0.1473.0",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.norton.com/sp/static/external/tools/security-advisories.html

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.5%

JSON

Related for CVE-2022-4291

nvd1 prion1 cvelist1