CVE-2022-28882

Published: Aug 23, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.

Affected (7)

Products: F Secure: Elements Endpoint Protection, Atlant, Cloud Protection For Salesforce, Elements Collaboration Protection, Internet Gatekeeper, Linux Security, Linux Security 64

F Secure

7 products

Elements Endpoint Protection

Atlant

Cloud Protection For Salesforce

Elements Collaboration Protection

Internet Gatekeeper

Linux Security

Linux Security 64

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
F Secure Elements Endpoint Protection	All versions

Running on/with	Platform Versions
Apple Macos	All versions
Microsoft Windows	All versions

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
F Secure Atlant	All versions
F Secure Cloud Protection For Salesforce	All versions
F Secure Elements Collaboration Protection	All versions
F Secure Internet Gatekeeper	All versions
F Secure Linux Security	All versions
F Secure Linux Security 64	All versions

Related CWEs

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (2)

https://www.withsecure.com/en/support/security-advisories

Source: cve-notifications-us@f-secure.com

Vendor Advisory

https://www.withsecure.com/en/support/security-advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.