PT-2023-2531 · Avast · Avast Antivirus
Published: 2023-04-03 · Updated: 2023-05-18
CVE-2023-1586
CVSS v3.1: 6.5 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
Avast Antivirus versions prior to 22.11
AVG Antivirus versions prior to 22.11
Description
The issue is a time-of-check/time-of-use (TOCTOU) vulnerability in the restore process that leads to arbitrary file creation. The vulnerability is associated with synchronization errors when using a shared resource. Exploitation of the vulnerability may allow an attacker to launch an arbitrary file.
Recommendations
For Avast Antivirus versions prior to 22.11, update to version 22.11 to resolve the issue.
For AVG Antivirus versions prior to 22.11, update to version 22.11 to resolve the issue.
As a temporary workaround, consider restricting the restore process in the antivirus software until a patch is available.
Fix
Time Of Check To Time Of Use
Weakness Enumeration
Related Identifiers
Affected Products
AVG Antivirus
Avast Antivirus