CVE-2022-28884 — MEDIUM (4.3)

Vulnerability Description

A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Withsecure	Business Suite	-
Withsecure	Elements Endpoint Protection	All versions
F-Secure	Internet Gatekeeper	-
F-Secure	Linux Security	-

Related Weaknesses (CWE)

CWE-835

References

https://www.withsecure.com/en/expertise/peopleVendor Advisory
https://www.withsecure.com/en/support/security-advisoriesVendor Advisory
https://www.withsecure.com/en/expertise/peopleVendor Advisory
https://www.withsecure.com/en/support/security-advisoriesVendor Advisory

FAQ

What is CVE-2022-28884?

CVE-2022-28884 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the sc...

How severe is CVE-2022-28884?

CVE-2022-28884 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-28884?

Check the references section above for vendor advisories and patch information. Affected products include: Withsecure Business Suite, Withsecure Elements Endpoint Protection, F-Secure Internet Gatekeeper, F-Secure Linux Security.