CVE-2023-1586

CWE-3673 documents3 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 67.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Avast AntivirusAVG Anti-virusAvast Avast Antivirus+1 more
Timeline
PublishedApr 19

Description

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:LExploitability: 1.0 | Impact: 5.5

Affected Packages4 packages

NVDavast/antivirus22.522.11
CVEListV5avast/avast_antivirus22.522.10
CVEListV5avg/avg_antivirus22.522.10
NVDavg/anti-virus22.522.11

🔴Vulnerability Details

2
CVEList
CVE-2023-1586: Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary2023-04-19
GHSA
GHSA-h5r6-2gq4-p8x5: Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the restore process leading to arbitrary2023-04-19
CVE-2023-1586 (MEDIUM CVSS 4.7) | Avast and AVG Antivirus for Windows | cvebase.io