CVE-2024-9483 - Vulnerability Details - OpenCVE

A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Avast	Antivirus
Avg	Antivirus

Configuration 1 [-]

OR	cpe:2.3:a:avast:antivirus::::::macos::*
	cpe:2.3:a:avg:antivirus::::::macos::*

No data.

References

Link	Providers
https://support.norton.com/sp/static/external/tools/security-advisories.html

History

Fri, 08 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Avast Avast antivirus Avg Avg antivirus
CPEs		cpe:2.3:a:avast:antivirus::::::macos::* cpe:2.3:a:avg:antivirus::::::macos::*
Vendors & Products		Avast Avast antivirus Avg Avg antivirus

Fri, 04 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 04 Oct 2024 13:00:00 +0000

Type	Values Removed	Values Added
Description		A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.
Title		Uninitialized variable in digital signiture verification may crash the application
Weaknesses		CWE-476
References		https://support.norton.com/sp/static/external/tools/security-advisories.html
Metrics		cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: NLOK

Published: 2024-10-04T12:29:16.430Z

Updated: 2024-10-07T11:27:19.528Z

Reserved: 2024-10-03T14:29:36.984Z

Link: CVE-2024-9483

Vulnrichment

Updated: 2024-10-04T13:35:00.944Z

NVD

Status : Analyzed

Published: 2024-10-04T13:15:12.980

Modified: 2024-11-08T20:54:30.980

Link: CVE-2024-9483

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9483", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "state": "PUBLISHED", "assignerShortName": "NLOK", "dateReserved": "2024-10-03T14:29:36.984Z", "datePublished": "2024-10-04T12:29:16.430Z", "dateUpdated": "2024-10-07T11:27:19.528Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS", "Windows", "Linux"], "product": "Antivirus", "vendor": "AVG/Avast", "versions": [{"lessThan": "< 24092400", "status": "affected", "version": "24/Sep/2024", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Mike Zhang, an independent security researcher"}], "datePublic": "2024-10-04T12:29:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing."}], "value": "A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "NLOK", "dateUpdated": "2024-10-07T11:27:19.528Z"}, "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the latest version of virus definitions.<br>"}], "value": "Upgrade to the latest version of virus definitions."}], "source": {"discovery": "EXTERNAL"}, "title": "Uninitialized variable in digital signiture verification may crash the application", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T13:34:56.915713Z", "id": "CVE-2024-9483", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T13:35:04.810Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9483", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-04T13:34:56.915713Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T13:35:00.944Z"}}], "cna": {"title": "Uninitialized variable in digital signiture verification may crash the application", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Mike Zhang, an independent security researcher"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AVG/Avast", "product": "Antivirus", "versions": [{"status": "affected", "version": "24/Sep/2024", "lessThan": "< 24092400", "versionType": "date"}], "platforms": ["MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to the latest version of virus definitions.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to the latest version of virus definitions.<br>", "base64": false}]}], "datePublic": "2024-10-04T12:29:00.000Z", "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.", "supportingMedia": [{"type": "text/html", "value": "A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "NLOK", "dateUpdated": "2024-10-07T11:27:19.528Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9483", "state": "PUBLISHED", "dateUpdated": "2024-10-07T11:27:19.528Z", "dateReserved": "2024-10-03T14:29:36.984Z", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "datePublished": "2024-10-04T12:29:16.430Z", "assignerShortName": "NLOK"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avast:antivirus:*:*:*:*:*:macos:*:*", "matchCriteriaId": "332D750A-C14D-4E7D-8296-99B46A1155A4", "versionEndExcluding": "24092400", "vulnerable": true}, {"criteria": "cpe:2.3:a:avg:antivirus:*:*:*:*:*:macos:*:*", "matchCriteriaId": "D2EB9416-935A-4FF0-AD75-DFCDD6BC1AFF", "versionEndExcluding": "24092400", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A null-pointer-dereference in the signature verification module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS may allow a malformed xar file to crash the application during processing."}, {"lang": "es", "value": "Una desreferencia de puntero nulo en el m\u00f3dulo de verificaci\u00f3n de firma en la firma AVG/Avast Antivirus <24092400 publicada el 24/sep/2024 en MacOS puede permitir que un archivo xar mal formado bloquee la aplicaci\u00f3n durante el procesamiento."}], "id": "CVE-2024-9483", "lastModified": "2024-11-08T20:54:30.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "security@nortonlifelock.com", "type": "Secondary"}]}, "published": "2024-10-04T13:15:12.980", "references": [{"source": "security@nortonlifelock.com", "tags": ["Not Applicable"], "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "sourceIdentifier": "security@nortonlifelock.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@nortonlifelock.com", "type": "Secondary"}]}