CVE-2023-0977 MEDIUM

CVE-2023-0977

Vendor Trellix
Product Trellix Agent
Weakness CWE-120
Published April 3, 2023
Last update February 11, 2025

CVSS base score

6.7/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.

Key dates

02Disclosure timeline

April 3, 2023 CVE published
February 11, 2025 Record updated