[Japanese]

JVNDB-2022-000017

Norton Security for Mac improperly processes ICMP packets

Overview

Norton Security for Mac provided by NortonLifeLock Inc. is antivirus software.
Norton Security for Mac improperly processes ICMP packets, which may result in OS to crash (CWE-20).

Yuki Meguro of Tohoku Information Systems Company, Incorporated reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 7.1 (High) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 4.9 (Medium) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Complete
Affected Products


NortonLifeLock Inc.
  • Norton Security for Mac versions prior to 8.6.6

Impact

An unprivileged user may cause a denial-of-service (DoS) condition on the OS.
Solution

[Update the Software]
Update the software to the latest version according to the information provided by the developer.

The developer states that the vulnerability does not exist if the product is updated to version 8.6.6 or later, with macOS 10.15 or later.
Vendor Information

NortonLifeLock Inc.
CWE (What is CWE?)

  1. Improper Input Validation(CWE-20) [IPA Evaluation]
CVE (What is CVE?)

References

  1. JVN : JVN#87683137
Revision History

  • [2022/03/03]
      Web page was published

Date Public2022/03/03
Date First Published2022/03/03
Date Last Updated2022/03/03