Vulnerabilities > CVE-2022-2402 - Out-of-bounds Write vulnerability in Eset Endpoint Encryption and Full Disk Encryption

CVSS 6.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

eset

CWE-787

NVD

Published: 2022-09-06

Updated: 2022-09-09

Summary

The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.

Vulnerable Configurations

Part	Description	Count
Application	Eset Eset Full Disk Encryption - Eset Full Disk Encryption 1.3.1.25 Eset Endpoint Encryption - Eset Endpoint Encryption 5.1.1.14	4

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://support.eset.com/en/ca8298-vulnerability-fixed-in-eset-endpoint-encryption-and-eset-full-disk-encryption-for-windows