How severe is CVE-2024-7236?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-7236?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2024-7236 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Installer. By creating a symbolic link, an attacker can abuse the update functionality to create a file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. Was ZDI-CAN-22942.

Related Vulnerabilities

CVE-2018-5107

MEDIUM

CVSS:5.3(Medium)

The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitr...

CWE-592018

CVE-2021-28153

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the ...

CWE-592021

CVE-2022-4122

MEDIUM

CVSS:5.3(Medium)

A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

CWE-592022

CVE-2023-41971

MEDIUM

CVSS:5.3(Medium)

An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Win...

CWE-592023

CVE-2024-21397

MEDIUM

CVSS:5.3(Medium)

Microsoft Azure File Sync Elevation of Privilege Vulnerability

CWE-592024

CVE-1999-0783

MEDIUM

CVSS:5.5(Medium)

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

CWE-591999