Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-13614

Summary
Assigner-Kaspersky
Assigner Org ID-e45d732a-8f6b-4b6b-be76-7420f6a2b988
Published At-06 Feb, 2025 | 16:13
Updated At-12 Feb, 2025 | 19:51
Rejected At-
Credits

Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Kaspersky
Assigner Org ID:e45d732a-8f6b-4b6b-be76-7420f6a2b988
Published At:06 Feb, 2025 | 16:13
Updated At:12 Feb, 2025 | 19:51
Rejected At:
▼CVE Numbering Authority (CNA)

Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.

Affected Products
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Anti-Virus SDK for Windows
Default Status
unaffected
Versions
Affected
  • From 8.10.1.1943 through 8.10.1.1943 (custom)
  • From 8.10.1.1943 CF through 8.10.1.1943 CF (custom)
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Security for Virtualization Light Agent
Default Status
unaffected
Versions
Affected
  • From 5.2 before 5.2.27.319 (custom)

unknown

  • From 5.2.27.319 through 5.2.27.319 (custom)
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Endpoint Security for Windows
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Small Office Security
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky for Windows (Standard, Plus, Premium)
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Free
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Anti-Virus
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Internet Security
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Security Cloud
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Safe Kids
Default Status
unknown
Vendor
Kaspersky LabKaspersky
Product
Kaspersky Anti-Ransomware Tool
Default Status
unknown
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190: Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions.

Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following url: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud

The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.

Configurations
Workarounds
Exploits

There have been no recorded attempts to exploit this issue in the wild.

Credits
finder
Florian Schweins
Timeline
EventDate
Advisory published by Kaspersky2025-02-06 00:00:00
Event: Advisory published by Kaspersky
Date: 2025-02-06 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225
vendor-advisory
Hyperlink: https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vulnerability@kaspersky.com
Published At:06 Feb, 2025 | 17:15
Updated At:06 Feb, 2025 | 17:15

Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-190Secondaryvulnerability@kaspersky.com
CWE ID: CWE-190
Type: Secondary
Source: vulnerability@kaspersky.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225vulnerability@kaspersky.com
N/A
Hyperlink: https://support.kaspersky.com/vulnerability/list-of-advisories/12430#060225
Source: vulnerability@kaspersky.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found