Lucene search

NLOKCVELIST:CVE-2023-1900

HistoryApr 19, 2023 - 6:47 p.m.

CVE-2023-1900

2023-04-1918:47:17

CWE-190

NLOK

www.cve.org

avira

network protection

local execution

overflow

denial-of-service

endpointprotection.exe

version 1.0.2303.633

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

15.9%

JSON

A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation.
Issue was fixed with Endpointprotection.exe version 1.0.2303.633

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Endpointprotection.exe"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Avira Antivirus ",
    "vendor": "AVIRA",
    "versions": [
      {
        "lessThan": "1.0.2303.633",
        "status": "affected",
        "version": "0",
        "versionType": "1.0.2303.633 "
      }
    ]
  }
]

References

support.norton.com/sp/static/external/tools/security-advisories.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

15.9%

JSON

Related for CVELIST:CVE-2023-1900