CVE-2023-5760 HIGH

CVE-2023-5760: Time-of-check to time-of-use (TOCTOU) bug leads to full local privilege escalation.

Vendor Avast/Avg
Product Avast/Avg Antivirus
Weakness CWE-367
Published November 8, 2023
Last update September 3, 2024

CVSS base score

8.2/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

A time-of-check to time-of-use (TOCTOU) bug exists in the handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability, which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. This issue affects Avast/Avg Antivirus: 23.8.

Key dates

02 Disclosure timeline

November 8, 2023 CVE published
September 3, 2024 Record updated