CVE-2021-31845

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention (DLP) Discover versions prior to 11.6.100

Description: A buffer overflow issue allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.

Recommendations: For versions prior to 11.6.100, update to version 11.6.100 or later to resolve the issue. As a temporary workaround, consider restricting access to the DLP Discover service until a patch is applied, and avoid scanning potentially malicious Ami Pro (.sam) files.