CVE-2024-9484 - Vulnerability Details - OpenCVE

An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Avast	Antivirus
Avg	Antivirus

Configuration 1 [-]

OR	cpe:2.3:a:avast:antivirus::::::macos::*
	cpe:2.3:a:avg:antivirus::::::macos::*

No data.

References

Link	Providers
https://support.norton.com/sp/static/external/tools/security-advisories.html

History

Fri, 08 Nov 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Avast Avast antivirus Avg Avg antivirus
CPEs		cpe:2.3:a:avast:antivirus::::::macos::* cpe:2.3:a:avg:antivirus::::::macos::*
Vendors & Products		Avast Avast antivirus Avg Avg antivirus

Fri, 04 Oct 2024 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 04 Oct 2024 13:00:00 +0000

Type	Values Removed	Values Added
Description		An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.
Weaknesses		CWE-476
References		https://support.norton.com/sp/static/external/tools/security-advisories.html
Metrics		cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: NLOK

Published: 2024-10-04T12:44:25.057Z

Updated: 2024-10-07T11:27:37.651Z

Reserved: 2024-10-03T14:29:40.798Z

Link: CVE-2024-9484

Vulnrichment

Updated: 2024-10-04T13:31:42.859Z

NVD

Status : Analyzed

Published: 2024-10-04T13:15:13.167

Modified: 2024-11-08T20:55:14.283

Link: CVE-2024-9484

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9484", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "state": "PUBLISHED", "assignerShortName": "NLOK", "dateReserved": "2024-10-03T14:29:40.798Z", "datePublished": "2024-10-04T12:44:25.057Z", "dateUpdated": "2024-10-07T11:27:37.651Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS", "Windows", "Linux"], "product": "Antivirus", "vendor": "AVG/Avast", "versions": [{"lessThan": "< 24092400", "status": "affected", "version": "24/Sep/2024", "versionType": "date"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mike Zhang, an independent security researcher"}], "datePublic": "2024-10-04T12:44:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing."}], "value": "An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "NLOK", "dateUpdated": "2024-10-07T11:27:37.651Z"}, "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade to the latest version of virus definitions.<br>"}], "value": "Upgrade to the latest version of virus definitions."}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T13:31:38.216327Z", "id": "CVE-2024-9484", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T13:31:46.193Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-04T13:31:38.216327Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T13:31:42.859Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mike Zhang, an independent security researcher"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "AVG/Avast", "product": "Antivirus", "versions": [{"status": "affected", "version": "24/Sep/2024", "lessThan": "< 24092400", "versionType": "date"}], "platforms": ["MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to the latest version of virus definitions.", "supportingMedia": [{"type": "text/html", "value": "Upgrade to the latest version of virus definitions.<br>", "base64": false}]}], "datePublic": "2024-10-04T12:44:00.000Z", "references": [{"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.", "supportingMedia": [{"type": "text/html", "value": "An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "shortName": "NLOK", "dateUpdated": "2024-10-07T11:27:37.651Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9484", "state": "PUBLISHED", "dateUpdated": "2024-10-07T11:27:37.651Z", "dateReserved": "2024-10-03T14:29:40.798Z", "assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e", "datePublished": "2024-10-04T12:44:25.057Z", "assignerShortName": "NLOK"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avast:antivirus:*:*:*:*:*:macos:*:*", "matchCriteriaId": "332D750A-C14D-4E7D-8296-99B46A1155A4", "versionEndExcluding": "24092400", "vulnerable": true}, {"criteria": "cpe:2.3:a:avg:antivirus:*:*:*:*:*:macos:*:*", "matchCriteriaId": "D2EB9416-935A-4FF0-AD75-DFCDD6BC1AFF", "versionEndExcluding": "24092400", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An null-pointer-derefrence in the engine module in AVG/Avast Antivirus signature <24092400 released on 24/Sep/2024 on MacOS allows a malformed xar file to crash the application during file processing."}, {"lang": "es", "value": "Una eliminaci\u00f3n de referencia de puntero nulo en el m\u00f3dulo del motor en la firma AVG/Avast Antivirus <24092400 publicada el 24/sep/2024 en MacOS permite que un archivo xar mal formado bloquee la aplicaci\u00f3n durante el procesamiento del archivo."}], "id": "CVE-2024-9484", "lastModified": "2024-11-08T20:55:14.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "security@nortonlifelock.com", "type": "Secondary"}]}, "published": "2024-10-04T13:15:13.167", "references": [{"source": "security@nortonlifelock.com", "tags": ["Not Applicable"], "url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"}], "sourceIdentifier": "security@nortonlifelock.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@nortonlifelock.com", "type": "Secondary"}]}