Lucene search

[email protected]NVD:CVE-2023-0977

HistoryApr 03, 2023 - 4:15 p.m.

CVE-2023-0977

2023-04-0316:15:07

CWE-787

CWE-120

[email protected]

web.nvd.nist.gov

vulnerability

trellix agent

heap-based overflow

windows

linux

remote user

alter

page heap

macmnsvc process

memory block

service unavailable

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

46.7%

JSON

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.

Affected configurations

NVD

Node

trellixagentRange≤5.7.8

AND

linuxlinux_kernelMatch-

microsoftwindowsMatch-

References

kcm.trellix.com/corporate/index?page=content&id=SB10396

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

46.7%

JSON

Related for NVD:CVE-2023-0977

cve1 prion1 nessus2 cvelist1