CVE-2022-28882 — MEDIUM (4.3)

Vulnerability Description

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
F-Secure	Elements Endpoint Protection	All versions
Apple	Macos	-
Microsoft	Windows	-
F-Secure	Atlant	All versions
F-Secure	Cloud Protection For Salesforce	All versions
F-Secure	Elements Collaboration Protection	All versions
F-Secure	Internet Gatekeeper	All versions
F-Secure	Linux Security	All versions
F-Secure	Linux Security 64	All versions

Related Weaknesses (CWE)

CWE-835

References

https://www.withsecure.com/en/support/security-advisoriesVendor Advisory
https://www.withsecure.com/en/support/security-advisoriesVendor Advisory

FAQ

What is CVE-2022-28882?

CVE-2022-28882 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning ...

How severe is CVE-2022-28882?

CVE-2022-28882 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28882?

Check the references section above for vendor advisories and patch information. Affected products include: F-Secure Elements Endpoint Protection, Apple Macos, Microsoft Windows, F-Secure Atlant, F-Secure Cloud Protection For Salesforce.