Vulnerabilities > CVE-2022-28882 - Infinite Loop vulnerability in F-Secure products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

f-secure

CWE-835

NVD

Published: 2022-08-23

Updated: 2022-08-25

Summary

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.

Vulnerable Configurations

Part	Description	Count
Application	F-Secure F Secure Elements Endpoint Protection * F Secure Atlant * F Secure Internet Gatekeeper * F Secure Linux Security * F Secure Linux Security 64 * F Secure Cloud Protection FOR Salesforce * F Secure Elements Collaboration Protection *	7
OS	Apple Apple Macos -	1
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://www.withsecure.com/en/support/security-advisories