Lucene search

[email protected]NVD:CVE-2022-28882

HistoryAug 23, 2022 - 4:15 p.m.

CVE-2022-28882

2022-08-2316:15:10

CWE-835

[email protected]

web.nvd.nist.gov

denial of service

f-secure

withsecure

pe files

remote exploit

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.

Affected configurations

Nvd

Node

applemacosMatch-

microsoftwindowsMatch-

AND

f-secureelements_endpoint_protection

Node

f-secureatlant

f-securecloud_protection_for_salesforce

f-secureelements_collaboration_protection

f-secureinternet_gatekeeper

f-securelinux_securityx86

f-securelinux_security_64

VendorProductVersionCPE
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
f-secureelements_endpoint_protection*cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:*:*:*
f-secureatlant*cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*
f-securecloud_protection_for_salesforce*cpe:2.3:a:f-secure:cloud_protection_for_salesforce:*:*:*:*:*:*:*:*
f-secureelements_collaboration_protection*cpe:2.3:a:f-secure:elements_collaboration_protection:*:*:*:*:*:*:*:*
f-secureinternet_gatekeeper*cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*
f-securelinux_security*cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:x86:*
f-securelinux_security_64*cpe:2.3:a:f-secure:linux_security_64:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
f-secure	elements_endpoint_protection	*	cpe:2.3:a:f-secure:elements_endpoint_protection::::::::
f-secure	atlant	*	cpe:2.3:a:f-secure:atlant::::::::
f-secure	cloud_protection_for_salesforce	*	cpe:2.3:a:f-secure:cloud_protection_for_salesforce::::::::
f-secure	elements_collaboration_protection	*	cpe:2.3:a:f-secure:elements_collaboration_protection::::::::
f-secure	internet_gatekeeper	*	cpe:2.3:a:f-secure:internet_gatekeeper::::::::
f-secure	linux_security	*	cpe:2.3:a:f-secure:linux_security:::::::x86:*
f-secure	linux_security_64	*	cpe:2.3:a:f-secure:linux_security_64::::::::

References

www.withsecure.com/en/support/security-advisories

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

38.4%

JSON

Related for NVD:CVE-2022-28882

prion1 cve1 cvelist1