CVE-2023-1585
First published: Wed Apr 19 2023(Updated: )
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.
Credit: security@nortonlifelock.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Avast AntiVirus | >=22.5<22.11 | |
| AVG Anti-Virus | >=22.5<22.11 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-1585.
What is the severity rating of CVE-2023-1585?
The severity rating of CVE-2023-1585 is medium, with a value of 6.3.
Which software versions are affected by CVE-2023-1585?
Avast Antivirus and AVG Anti-Virus versions between 22.5 and 22.11 are affected by CVE-2023-1585.
How can I fix CVE-2023-1585?
To fix CVE-2023-1585, update Avast and AVG Antivirus to version 22.11 and ensure virus definitions from 14 February 2023 or later are installed.
Is Microsoft Windows affected by CVE-2023-1585?
No, Microsoft Windows is not affected by CVE-2023-1585.
- collector/nvd-index
- agent/severity
- agent/author
- agent/tags
- agent/weakness
- agent/type
- agent/event
- agent/references
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/avast
- canonical/avast antivirus
- version/avast antivirus/22.5
- vendor/avg
- canonical/avg anti-virus
- version/avg anti-virus/22.5
- vendor/microsoft
- canonical/microsoft windows