CVE-2022-27534: Use After Free in Anti-virus

CWE-416: Use After Free | 4 documents | 4 sources
Severity
9.8 CRITICAL (NVD)
EPSS
0.6%
top 30.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 1
Latest update: Apr 3

Description

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (6 packages)

NVD: kaspersky/anti-virus < 12.03.2022
NVD: kaspersky/endpoint_security < 12.03.2022
NVD: kaspersky/security_cloud < 12.03.2022
NVD: kaspersky/total_security < 12.03.2022
NVD: kaspersky/internet_security < 12.03.2022

Vulnerability Details (2)

GHSA
GHSA-3jp7-w7p7-xq57: Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data pars (2022-04-03)
CVEList
CVE-2022-27534: Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data pars (2022-04-01)