CVE-2023-1585 MEDIUM

CVE-2023-1585

Vendor Avast
Product Avast Antivirus
Weakness CWE-367
Published April 19, 2023
Last update February 5, 2025

CVSS base score

6.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.

Key dates

02Disclosure timeline

April 19, 2023 CVE published
February 5, 2025 Record updated