Search criteria
2 vulnerabilities found for script_shield by avast
CVE-2022-4291 (GCVE-0-2022-4291)
Vulnerability from cvelistv5 – Published: 2022-12-07 23:45 – Updated: 2025-04-14 17:57
VLAI
Title
Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption
Summary
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NortonLifelock | Avast Antivirus |
Affected:
0 , ≤ 18.0.1473.0
(custom)
|
Date Public
2022-12-07 23:25
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T14:53:42.396190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:57:54.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Script Shield"
],
"platforms": [
"Windows"
],
"product": "Avast Antivirus",
"vendor": "NortonLifelock",
"versions": [
{
"lessThanOrEqual": "18.0.1473.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-07T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Heap Corruption"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T23:45:04.707Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2022-4291",
"datePublished": "2022-12-07T23:45:04.707Z",
"dateReserved": "2022-12-05T17:33:48.757Z",
"dateUpdated": "2025-04-14T17:57:54.578Z",
"requesterUserId": "a89eadfe-7713-4641-b4d7-9b7a3717e63f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4291 (GCVE-0-2022-4291)
Vulnerability from nvd – Published: 2022-12-07 23:45 – Updated: 2025-04-14 17:57
VLAI
Title
Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption
Summary
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NortonLifelock | Avast Antivirus |
Affected:
0 , ≤ 18.0.1473.0
(custom)
|
Date Public
2022-12-07 23:25
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:34:50.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T14:53:42.396190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T17:57:54.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Script Shield"
],
"platforms": [
"Windows"
],
"product": "Avast Antivirus",
"vendor": "NortonLifelock",
"versions": [
{
"lessThanOrEqual": "18.0.1473.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-12-07T23:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Heap Corruption"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T23:45:04.707Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://support.norton.com/sp/static/external/tools/security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Aswjsflt.dll in Avast Antivirus windows caused a crash of the Mozilla Firefox browser due to heap corruption",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2022-4291",
"datePublished": "2022-12-07T23:45:04.707Z",
"dateReserved": "2022-12-05T17:33:48.757Z",
"dateUpdated": "2025-04-14T17:57:54.578Z",
"requesterUserId": "a89eadfe-7713-4641-b4d7-9b7a3717e63f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}