CVE-2006-2838 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Anti-virus

3 documents3 sources

Severity

7.6HIGHNVD

EPSS

7.2%

top 8.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure Anti-virus F-secure Internet Gatekeeper

Timeline

PublishedJun 6

Latest updateMay 1

Description

Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

▶NVDf-secure/f-secure_anti-virus6.40

▶NVDf-secure/internet_gatekeeper4 versions+3

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.f-secure.com ↗

🔴Vulnerability Details

GHSA

GHSA-mh9m-hcf8-jrfp: Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6↗2022-05-01

▶

CVEList

CVE-2006-2838: Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6↗2006-06-06

▶