Lucene search

F-SecureUSCVELIST:CVE-2022-28887

HistoryOct 12, 2022 - 12:00 a.m.

CVE-2022-28887 Multiple Denial of Service Vulnerability

2022-10-1200:00:00

F-SecureUS

www.cve.org

cve-2022-28887

denial of service

f-secure

withsecure

aerdl.dll

unpacker handler

scanning engine crash

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

EPSS

0.001

Percentile

41.7%

JSON

Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl.dll unpacker handler function crashes. This can lead to a possible scanning engine crash.

CNA Affected

[
  {
    "vendor": "F-Secure and WithSecure",
    "product": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper",
    "versions": [
      {
        "version": "All Version ",
        "status": "affected"
      }
    ]
  }
]

References

www.f-secure.com/en/business/support-and-downloads/security-advisories

www.withsecure.com/en/support/security-advisories