CVE-2023-5760

A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.

Published: Nov 8, 2023
Updated: Nov 17, 2023
CVE: CVE-2023-5760
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-367

Affected Software
References

Software	From	Fixed in
avast / avg_antivirus	23.8	23.8.x

https://support.norton.com/sp/static/external/tools/security-advisories.html

Vulnerability Database

289,871

CVE-2023-5760