CVE-2022-4291Improper Restriction of Operations within the Bounds of a Memory Buffer in Avast Antivirus

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write3 documents3 sources
Severity
10.0CRITICALNVD
CNA7.7
EPSS
0.1%
top 65.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nortonlifelock Avast AntivirusAvast Script Shield
Timeline
PublishedDec 8

Description

The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages2 packages

NVDavast/script_shield18.0.1473.0
CVEListV5nortonlifelock/avast_antivirus18.0.1473.0

🔴Vulnerability Details

2
GHSA
GHSA-m5gg-2gxj-3qqx: The aswjsflt2022-12-08
CVEList
Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption2022-12-07
CVE-2022-4291 — Avast Antivirus vulnerability | cvebase