Lucene search

ESETCVELIST:CVE-2022-2402

HistorySep 06, 2022 - 5:18 p.m.

CVE-2022-2402 Stack Overflow in ESET Endpoint Encryption and ESET Full Disk Encryption for Windows

2022-09-0617:18:51

CWE-121

ESET

www.cve.org

cve-2022-2402

stack overflow

eset endpoint encryption

eset full disk encryption

windows

driver vulnerability

kernel stack overflow

bsod

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

26.0%

JSON

The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.

CNA Affected

[
  {
    "product": "ESET Endpoint Encryption",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "5.1.2.26",
        "status": "affected",
        "version": "5.1.1.14",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "ESET Full Disk Encryption",
    "vendor": "ESET, spol. s r.o.",
    "versions": [
      {
        "lessThan": "1.3.2.32",
        "status": "affected",
        "version": "1.3.1.25",
        "versionType": "custom"
      }
    ]
  }
]

References

support.eset.com/en/ca8298-vulnerability-fixed-in-eset-endpoint-encryption-and-eset-full-disk-encryption-for-windows

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

EPSS

0.001

Percentile

26.0%

JSON

Related for CVELIST:CVE-2022-2402