First published: Mon Apr 03 2023(Updated: )
A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.
Credit: trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
Trellix Agent | <=5.7.8 | |
Linux Linux kernel | ||
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability is identified by CVE-2023-0977.
CVE-2023-0977 has a severity level of 6.5 (medium).
Versions 5.7.8 and earlier of Trellix Agent for Windows and Linux are affected by CVE-2023-0977.
CVE-2023-0977 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable.
No, Linux Linux kernel and Microsoft Windows are not affected by CVE-2023-0977.
More information about CVE-2023-0977 can be found at https://kcm.trellix.com/corporate/index?page=content&id=SB10396.