Lucene search

F-SecureUSCVELIST:CVE-2022-28874

HistoryMay 23, 2022 - 10:28 a.m.

CVE-2022-28874 Multiple Denial-of-Service (DoS) Vulnerabilities

2022-05-2310:28:30

F-SecureUS

www.cve.org

dos

f-secure

memory corruption

heap buffer overflow

remote exploit

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

41.7%

JSON

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

CNA Affected

[
  {
    "product": "F-Secure endpoint protection products for Windows and Mac. F-Secure Linux Security (32-bit).  F-Secure Linux Security 64.  F-Secure Atlant. WithSecure Cloud Protection for Salesforce & WithSecure Collaboration Protection",
    "vendor": "F-Secure",
    "versions": [
      {
        "status": "affected",
        "version": "All Version "
      }
    ]
  }
]

References

www.f-secure.com/en/home/support/security-advisories

www.withsecure.com/en/support/security-advisories