CVE-2021-40837

Denial-of-Service (DoS) Vulnerability

More information

A vulnerability affecting WithSecure™ antivirus engine was discovered whereby decompression of ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

This issue was reported to WithSecure™ through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Contributors

WithSecure Corporation would like to thank following person for bringing this issue to our attention.

faty420

Twitter

    Description

  • Denial-of-Service of the antivirus engine when decompression of ACE file.
  • Status

  • Fixed
  • Risk level

  • Medium
  • Fix

  • No User action is required. The required fix has been published through automatic update channel with Capricorn update 2022-02-01_01
  • Affected products

  • WithSecure™ All F-Secure Endpoint Protection products on Windows and Mac WithSecure™ Linux Security (32-bit) WithSecure™ Linux Security 64 WithSecure™ Atlant WithSecure™ Internet Gatekeeper WithSecure™ Security Cloud
  • Platforms

  • Affected platforms all supported platforms for the affected products
  • Date issued

  • 9/2/2022
  • Security advisories
  • 2021
  • Medium