Wiz
Vulnerability DatabaseCVE-2024-9483

CVE-2024-9483
AVG Antivirus vulnerability analysis and mitigation

Overview

A null-pointer-dereference vulnerability was discovered in the signature verification module of AVG/Avast Antivirus for MacOS. The vulnerability affects versions prior to signature 24092400 released on September 24, 2024. This security flaw was assigned identifier CVE-2024-9483 and was first disclosed on October 4, 2024 (NVD).

Technical details

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. According to the National Vulnerability Database, it received a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The vulnerability requires local access, low attack complexity, and low privileges to exploit, with no user interaction needed (NVD).

Impact

When exploited, this vulnerability allows a malformed xar file to crash the application during processing, potentially leading to a denial of service condition. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity (NVD).

Mitigation and workarounds

The vulnerability was addressed in AVG/Avast Antivirus signature version 24092400 and later. Users should ensure their antivirus signatures are updated to the latest version to mitigate this vulnerability (Norton Advisory).

Additional resources

SourceThis report was generated using AI

Related AVG Antivirus vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2024-7237HIGH7.8
  • AVG AntivirusAVG Antivirus
  • cpe:2.3:a:avg:antivirus
NoNoNov 22, 2024
CVE-2024-7234HIGH7.8
  • AVG AntivirusAVG Antivirus
  • cpe:2.3:a:avg:antivirus
NoYesNov 22, 2024
CVE-2024-7236MEDIUM5.5
  • AVG AntivirusAVG Antivirus
  • cpe:2.3:a:avg:antivirus
NoYesNov 22, 2024
CVE-2024-7235MEDIUM5.5
  • AVG AntivirusAVG Antivirus
  • cpe:2.3:a:avg:antivirus
NoYesNov 22, 2024
CVE-2024-9484MEDIUM5.5
  • AVG AntivirusAVG Antivirus
  • cpe:2.3:a:avast:antivirus
NoYesOct 04, 2024

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo