Lucene search

NLOKCVELIST:CVE-2023-1900

HistoryApr 19, 2023 - 6:47 p.m.

CVE-2023-1900

2023-04-1918:47:17

CWE-190

NLOK

www.cve.org

avira

network protection

local execution

overflow

denial-of-service

endpointprotection.exe

version 1.0.2303.633

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.9%

JSON

A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation.
Issue was fixed with Endpointprotection.exe version 1.0.2303.633

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Endpointprotection.exe"
    ],
    "platforms": [
      "Windows"
    ],
    "product": "Avira Antivirus ",
    "vendor": "AVIRA",
    "versions": [
      {
        "lessThan": "1.0.2303.633",
        "status": "affected",
        "version": "0",
        "versionType": "1.0.2303.633 "
      }
    ]
  }
]

References

support.norton.com/sp/static/external/tools/security-advisories.html

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for CVELIST:CVE-2023-1900