Lucene search

NLOKCVE-2023-1900

HistoryApr 19, 2023 - 7:15 p.m.

CVE-2023-1900

2023-04-1919:15:07

CWE-190

NLOK

web.nvd.nist.gov

cve-2023-1900

avira

network protection

vulnerability

heap corruption

denial-of-service

nvd

security

overflow

local execution

endpointprotection.exe

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

15.9%

JSON

A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation.
Issue was fixed with Endpointprotection.exe version 1.0.2303.633

Affected configurations

Nvd

Node

aviraantivirusRange<1.0.2303.633windows

VendorProductVersionCPE
aviraantivirus*cpe:2.3:a:avira:antivirus:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
avira	antivirus	*	cpe:2.3:a:avira:antivirus::::::windows::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Endpointprotection.exe"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Avira Antivirus ",
    "vendor": "AVIRA",
    "versions": [
      {
        "lessThan": "1.0.2303.633",
        "status": "affected",
        "version": "0",
        "versionType": "1.0.2303.633 "
      }
    ]
  }
]

References

support.norton.com/sp/static/external/tools/security-advisories.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

5.3

Confidence

High

EPSS

Percentile

15.9%

JSON

Related for CVE-2023-1900