CVE-2023-1586 MEDIUM

Vendor Avast
Product Avast Antivirus
Weakness CWE-367
Published April 19, 2023
Last update February 5, 2025

CVSS base score

6.5/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

Avast and AVG Antivirus for Windows were susceptible to a time-of-check/time-of-use (TOCTOU) vulnerability in the restore process, leading to arbitrary file creation. The issue was fixed in Avast and AVG Antivirus version 22.11.

Key dates

02 Disclosure timeline

April 19, 2023 CVE published
February 5, 2025 Record updated