CVE-2023-1631

Published Mar 25, 2023

Last updated 6 months ago

Overview

Description: A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability.
Source: cna@vuldb.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Secondary
Base score: 4.6
Impact score: 6.9
Exploitability score: 3.1
Vector string: AV:L/AC:L/Au:S/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-476
cna@vuldb.com: CWE-476

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jiangmin:jiangmin_antivirus:16.2.2022.418:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58D47A82-0F08-4197-9F3E-4676537649DC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References