CVE-2023-1587
Published 2023-04-19
CVE-2023-1587: Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus…
Priority P4 · 18 · medium · 5.5 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.21% (11.3th percentile)
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| avast | antivirus | >= 22.5 < 22.11 | 22.11 |
| avast | avast_antivirus | 22.5 – 22.10 | — |
| avg | anti-virus | >= 22.5 < 22.11 | 22.11 |
| avg | avg_antivirus | 22.5 – 22.10 | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
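| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| vendor_oracle | — | 9.1 | CRITICAL | — |
| vendor_msrc | — | 4.3 | MEDIUM | — |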
GHSA
GHSA-2778-cfx6-g2xp: Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface
ghsa_unreviewed·2023-04-19
CVE-2023-1587 [MEDIUM] CWE-476 GHSA-2778-cfx6-g2xp: Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface
Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. The issue was fixed with Avast and AVG Antivirus version 22.11.
Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (PCRE2) — CVE-2022-1587
vendor_oracle·2023-04-15·CVSS 9.1
CVE-2022-1587 [CRITICAL] Oracle Oracle Analytics Risk Matrix: Analytics Server (PCRE2) — CVE-2022-1587
Oracle Oracle Analytics Risk Matrix: Analytics Server (PCRE2) vulnerability
CVE: CVE-2022-1587
CVSS: 9.1
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2023 (APR 2023)
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2023-02-14·CVSS 4.3
CVE-2023-21794 [MEDIUM] Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?
The user would need to access the URL of the malicious website, which could spoof the content of a legitimate website, and then click a popup displayed on that site.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 110.0.1587.41 | 2/9/2023 | 110.0.5481.78 |
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
Microsoft Edge (Chromium-based): Micros
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-04-19