CVE-2023-5760

HIGH EPSS 8.8%

Published Nov 8, 20232y ago · Modified Jun 17, 20261w ago

7.0 CVSS 3.1

High

Published Nov 8, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.

CVSS Details

Base Score

7.0

Exploitability

1.0

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity High

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

8.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-367

Affected Products 1

Vendor	Product	Version	Range
avast	avg_antivirus	23.8	any

References 1

support.norton.com https://support.norton.com/sp/static/external/tools/security-advisories.html

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.