Avg Antivirus
CVE-2023-5760
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.
AnalysisAI
A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. Rated high severity (CVSS 7.0). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-367. A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.8. Affected products include: Avast Avg Antivirus.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Avg Antivirus
View allA vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write acces
Local code execution and denial-of-service in Gen Digital antivirus engines (Avast, AVG, Norton, Avast One, Avast Busine
Local code execution or antivirus-process denial-of-service in Gen Digital's shared scanning engine (Avast Antivirus, AV
Out-of-bounds heap read in the Gen Digital antivirus scanning engine (Avast, AVG, Norton, Avast One, Avast Business) all
Heap out-of-bounds write in Gen Digital's shared antivirus scanning engine allows local code execution or denial of serv
Stack overflow in Gen Digital's shared antivirus scanning engine crashes the AV process when it parses a malformed Offic
Stack overflow via uncontrolled recursion crashes the antivirus scanning process across all Gen Digital consumer and bus
Stack use-after-free in the Gen Digital shared antivirus scanning engine crashes the antivirus process when it parses a
Uncontrolled recursion in the Gen Digital shared scanning engine crashes the antivirus process when it encounters a spec
An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to imprope
The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today