Vulnerabilities > CVE-2022-28874 - Out-of-bounds Write vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

f-secure

withsecure

CWE-787

NVD

Published: 2022-05-23

Updated: 2022-06-07

Summary

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Vulnerable Configurations

Part	Description	Count
Application	F-Secure F Secure Atlant * F Secure Linux Security * F Secure Elements Endpoint Protection *	3
Application	Withsecure Withsecure Cloud Protection FOR Salesforce * Withsecure Elements Collaboration Protection *	2
OS	Microsoft Microsoft Windows -	1
OS	Apple Apple Macos -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References