CVE-2021-44747

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 52.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F-secure Atlant F-secure Elements Endpoint Protection F-secure Linux Security +2 more

Timeline

PublishedMar 1

Latest updateMar 2

Description

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:LExploitability: 2.1 | Impact: 2.5

Affected Packages5 packages

▶NVDf-secure/linux_security< 2022-02-23_01

▶NVDf-secure/security_cloud< 2022-02-23_01

▶NVDf-secure/atlant< 2022-02-23_01

▶NVDf-secure/elements_endpoint_protection< 2022-02-23_01

▶NVDf-secure/internet_gatekeeper2022-02-23_01

🔴Vulnerability Details

GHSA

GHSA-pcr7-vhw2-6q28: A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can cr↗2022-03-02

▶

CVEList

Denial-of-Service (DoS) Vulnerability↗2022-03-01

▶