PT-2022-11313 · F Secure · F-Secure Antivirus Engine

Published

2022-02-09

Updated

2022-02-11

CVE-2021-40837

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions F-Secure antivirus engine versions before Capricorn update 2022-02-01 01

Description A vulnerability was discovered in the F-Secure antivirus engine, where the decompression of an ACE file causes the scanner service to stop. This issue can be exploited remotely by an attacker, resulting in a denial-of-service of the antivirus engine.

Recommendations For versions before Capricorn update 2022-02-01 01, update to a version that includes the Capricorn update 2022-02-01 01 or later to resolve the issue. As a temporary workaround, consider restricting the handling of ACE files by the antivirus engine until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-40837

Affected Products

F-Secure Antivirus Engine

PT-2022-11313 · F Secure · F-Secure Antivirus Engine

CVE-2021-40837

Related Identifiers

Affected Products

References · 6