CVE-2023-5760

CVSS 3.1 Score 7.0 of 10 (high)

Details

Published Nov 8, 2023
Updated: Nov 16, 2023
CWE ID 367

Summary

CVE-2023-5760 is a high-severity vulnerability (CVSS 3.1 score 7.0) affecting Avast and AVG Antivirus versions 23.8. The issue is a time-of-check to time-of-use (TOCTOU) bug in the handling of IOCTL (input/output control) requests. The TOCTOU bug results in an out-of-bounds write, which an attacker can exploit to achieve full local privilege escalation on the system. The defect allows malicious actors to manipulate the antivirus software's security checks, potentially compromising the entire system.
