CVE-2024-23440

Published: Feb 13, 2024Modified: May 19, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD (Secondary)

Description

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.

Affected (1)

Products: Anti Virus: Vba32

Anti Virus

1 product

Vba32

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Anti Virus Vba32	Version 3.36.0

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (4)

https://fluidattacks.com/advisories/adderley/

Source: help@fluidattacks.com

Third Party Advisory

https://www.anti-virus.by/vba32

Source: help@fluidattacks.com

Product

https://fluidattacks.com/advisories/adderley/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.anti-virus.by/vba32

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.