CVE-2022-28964 - OpenCVE

An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Complete

AV:L/AC:M/Au:N/C:N/I:P/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avast	Premium Security

Configuration 1 [-]

cpe:2.3:a:avast:premium_security:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://forum.avast.com/index.php?topic=317641.0
https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-20T01:13:35

Updated: 2024-08-03T06:10:57.768Z

Reserved: 2022-04-11T00:00:00

Link: CVE-2022-28964

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-20T02:15:07.183

Modified: 2022-06-02T15:12:30.923

Link: CVE-2022-28964

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-20T01:13:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1"}, {"tags": ["x_refsource_MISC"], "url": "https://forum.avast.com/index.php?topic=317641.0"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1", "refsource": "MISC", "url": "https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1"}, {"name": "https://forum.avast.com/index.php?topic=317641.0", "refsource": "MISC", "url": "https://forum.avast.com/index.php?topic=317641.0"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:10:57.768Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://forum.avast.com/index.php?topic=317641.0"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28964", "datePublished": "2022-05-20T01:13:35", "dateReserved": "2022-04-11T00:00:00", "dateUpdated": "2024-08-03T06:10:57.768Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avast:premium_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "189E6486-08D6-429D-9FD7-2F94F8F69E07", "versionEndExcluding": "21.11.2500", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file."}, {"lang": "es", "value": "Una vulnerabilidad de escritura de archivos arbitrarios en Avast Premium Security versiones anteriores a 21.11.2500 (compilaci\u00f3n 21.11.6809.528) permite a atacantes causar una Denegaci\u00f3n de Servicio (DoS) por medio de un archivo DLL dise\u00f1ado"}], "id": "CVE-2022-28964", "lastModified": "2022-06-02T15:12:30.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-20T02:15:07.183", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://forum.avast.com/index.php?topic=317641.0"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2022-AVAST1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}