CVE-2023-1585

CWE-367 | 3 documents | 3 sources
Severity: 6.3 MEDIUM
EPSS: 0.1% (top 78.24%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 19

Description

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Exploitability: 1.0 | Impact: 5.5

Affected Packages (4 packages)

NVD | avast/antivirus | 22.5 | 22.11
CVEListV5 | avast/avast_antivirus | 22.5 | 22.10
CVEListV5 | avg/avg_antivirus | 22.5 | 22.10
NVD | avg/anti-virus | 22.5 | 22.11

Vulnerability Details (2)

GHSA | GHSA-rh45-x729-x2qp: Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbit | 2023-04-19
CVEList | CVE-2023-1585: Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbit | 2023-04-19
CVE-2023-1585 (MEDIUM CVSS 6.3) | Avast and AVG Antivirus for Windows | cvebase.io