CVE-2024-23439

Published: Feb 13, 2024Modified: May 19, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD (Secondary)

Description

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.

Affected (1)

Products: Anti Virus: Vba32

Anti Virus

1 product

Vba32

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Anti Virus Vba32	Version 3.36.0

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

https://fluidattacks.com/advisories/adderley/

Source: help@fluidattacks.com

Third Party Advisory

https://www.anti-virus.by/vba32

Source: help@fluidattacks.com

Product

https://fluidattacks.com/advisories/adderley/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.anti-virus.by/vba32

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.