Lucene search

TrellixCVELIST:CVE-2023-1388

HistoryJun 07, 2023 - 7:32 a.m.

CVE-2023-1388

2023-06-0707:32:52

trellix

www.cve.org

cve-2023-1388

remote user

page heap

macmnsvc process

service unavailable

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

8.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.0%

JSON

A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "Trellix Agent",
    "vendor": "Trellix",
    "versions": [
      {
        "status": "affected",
        "version": "5.7.8"
      }
    ]
  }
]

References

kcm.trellix.com/corporate/index?page=content&id=SB10398