ByteOS Network

CVE Vulnerability Details :

CVE-2023-2875

PUBLISHED

More Info Official Page

Assigner-VulDB

Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5

Published At-24 May, 2023 | 19:00

Updated At-02 Aug, 2024 | 06:33

▼CVE Numbering Authority (CNA)

eScan Antivirus IoControlCode PROCOBSRVESX.SYS 0x22E008u null pointer dereference

A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products

Vendor

eScan

Product

Antivirus

Modules

IoControlCode Handler

Versions

Affected

22.0.1400.2443

Problem Types

Type	CWE ID	Description
CWE	CWE-476	CWE-476 NULL Pointer Dereference

Type: CWE

CWE ID: CWE-476

Description: CWE-476 NULL Pointer Dereference

Metrics

Version	Base score	Base severity	Vector
3.1	5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2.0	4.6	N/A	AV:L/AC:L/Au:S/C:N/I:N/A:C

Version: 3.1

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Version: 2.0

Base score: 4.6

Base severity: N/A

Vector:

AV:L/AC:L/Au:S/C:N/I:N/A:C

Credits

analyst

Zeze7w (VulDB User)

Timeline

Event	Date
Advisory disclosed	2023-05-24 00:00:00
CVE reserved	2023-05-24 00:00:00
VulDB entry created	2023-05-24 02:00:00
VulDB entry last update	2023-06-17 09:43:25

Event: Advisory disclosed

Date: 2023-05-24 00:00:00

Event: CVE reserved

Date: 2023-05-24 00:00:00

Event: VulDB entry created

Date: 2023-05-24 02:00:00

Event: VulDB entry last update

Date: 2023-06-17 09:43:25

References

Hyperlink	Resource
https://vuldb.com/?id.229854	vdb-entry technical-description
https://vuldb.com/?ctiid.229854	signature permissions-required
https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2875	related
https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing	exploit

Hyperlink: https://vuldb.com/?id.229854

Resource:

vdb-entry

technical-description

Hyperlink: https://vuldb.com/?ctiid.229854

Resource:

signature

permissions-required

Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2875

Resource:

Hyperlink: https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing

Resource:

exploit

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://vuldb.com/?id.229854	vdb-entry technical-description x_transferred
https://vuldb.com/?ctiid.229854	signature permissions-required x_transferred
https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2875	related x_transferred
https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing	exploit x_transferred

Hyperlink: https://vuldb.com/?id.229854

Resource:

vdb-entry

technical-description

x_transferred

Hyperlink: https://vuldb.com/?ctiid.229854

Resource:

signature

permissions-required

x_transferred

Hyperlink: https://github.com/zeze-zeze/WindowsKernelVuln/blob/master/CVE-2023-2875

Resource:

x_transferred

Hyperlink: https://drive.google.com/file/d/1fvlP0d9HmApjWhYDjgsdco7g7FPsbn0V/view?usp=sharing

Resource:

exploit

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References