Heap-Based Overflow Vulnerability in Trellix Agent for Windows and Linux
CVE-2023-0977
6.7 MEDIUM
Summary
A heap-based overflow vulnerability exists in Trellix Agent for both Windows and Linux, affecting versions 5.7.8 and earlier. This flaw enables a remote user to manipulate the page heap within the macmnsvc process. Successful exploitation can lead to service disruption, impacting the availability of the Trellix Agent.
Affected Version(s)
Trellix Agent Windows 5.7.8 <= 5.7.8
References
CVSS V3.1
Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
changyi(changyioo63.163.com) and e1ya([email protected])