PT-2022-6082 · Avast · Avast Antivirus

Or Yair

Published

2022-10-06

Updated

2023-06-27

CVE-2022-4291

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to 18.0.1478

Description The issue is related to a heap corruption vulnerability in the aswjsflt.dll library of Avast Antivirus, which could allow an attacker to bypass the sandbox of the application it was loaded into. This vulnerability is associated with a buffer overflow in memory when loading the aswjsflt.dll library.

Recommendations For versions prior to 18.0.1478, update the Script Shield Component to version 18.0.1478 to resolve the issue. As a temporary workaround, consider restricting the use of the aswjsflt.dll library until the update is applied.

Fix

Memory Corruption

Buffer Overflow

Heap Based Buffer Overflow

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119CWE-122CWE-427

Related Identifiers

BDU:2023-00019

CVE-2022-4291

Affected Products

Avast Antivirus

PT-2022-6082 · Avast · Avast Antivirus

CVE-2022-4291

Weakness Enumeration

Related Identifiers

Affected Products

References · 5