Buffer Overflow Vulnerability in Avast AntiVirus Affecting Local Users
CVE-2020-20118

5.5MEDIUM

Key Information:

Vendor: Avast
Status: Antivirus
Vendor: CVE Published:; 11 July 2023

What is CVE-2020-20118?

A buffer overflow vulnerability exists in earlier versions of Avast AntiVirus that can be exploited by a local attacker. This vulnerability allows the attacker to send specially crafted requests to the aswSnx.sys driver, leading to potential denial of service conditions. Users are encouraged to upgrade to the latest version of Avast AntiVirus to mitigate this risk.

References

http://avast.com

https://gitlab.com/yongchuank/avast-aswsnx-ioctl-82ac0060...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Aug 13, 2020