cvelist | F-SecureUS | CVELIST:CVE-2022-28882
History: Aug 23, 2022 - 3:54 p.m.

CVE-2022-28882 Denial-of-Service (DoS) Vulnerability

2022-08-23 15:54:02
F-SecureUS
www.cve.org
Tags: cve-2022-28882, denial-of-service, f-secure, withsecure, aegen.dll, pe files, remote exploit

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

EPSS: 0.001
Percentile: 38.4%

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby aegen.dll goes into an infinite loop when unpacking PE files. This eventually leads to a crash of the scanning engine. The exploit can be triggered remotely by an attacker.

CNA Affected

[
  {
    "product": "All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection",
    "vendor": "F-Secure and WithSecure",
    "versions": [
      {
        "status": "affected",
        "version": "All Version "
      }
    ]
  }
]
