CVE-2022-28882
Last modified
CVE-2022-28882 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F-Secure | Elements Endpoint Protection | All versions |
| F-Secure | Atlant | All versions |
| F-Secure | Cloud Protection For Salesforce | All versions |
| F-Secure | Elements Collaboration Protection | All versions |
| F-Secure | Internet Gatekeeper | All versions |
| F-Secure | Linux Security | All versions |
| F-Secure | Linux Security 64 | All versions |
References
- https://www.withsecure.com/en/support/security-advisoriesVendor Advisory
- https://www.withsecure.com/en/support/security-advisoriesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-28882?
How severe is CVE-2022-28882?
How do I fix CVE-2022-28882?
Are you affected by CVE-2022-28882?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST