Lucene search
HistorySep 23, 2022 - 7:15 p.m.
CVE-2022-28886
cve-2022-28886
aerdl.so/aerdl.dll
pe files
scanning engine
infinite loop
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
23.6%
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine
Affected configurations
Node
f-securecloud_protection_for_salesforce
ORf-securecollaboration_protection
ORf-secureelements_endpoint_protectionwindowsx86
ORf-secureinternet_gatekeeperMatch-
ORf-securelinux_securityx86
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f-secure | cloud_protection_for_salesforce | * | cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:* |
| f-secure | collaboration_protection | * | cpe:2.3:a:f-secure:collaboration_protection:*:*:*:*:*:*:*:* |
| f-secure | elements_endpoint_protection | * | cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:windows:x86:* |
| f-secure | internet_gatekeeper | - | cpe:2.3:a:f-secure:internet_gatekeeper:-:*:*:*:*:*:*:* |
| f-secure | linux_security | * | cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:* |
Related
cve
cve
CVE-2022-28886
2022-09-23 19:15:11
prion
prion
Denial of service
2022-09-23 19:15:00
cvelist
cvelist
CVE-2022-28886 Denial-of-Service (DoS) Vulnerability
2022-09-23 18:24:04
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
23.6%
Related for NVD:CVE-2022-28886