PT-2022-13351 · Bitdefender · Bitdefender Endpoint Security Tools For Windows +3

Published: 2022-04-07 · Updated: 2022-04-14 · CVE-2022-0677

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Bitdefender Update Server versions prior to 3.4.0.276
Bitdefender GravityZone versions prior to 26.4-1
Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171
Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111

Description

The issue is related to an Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component. This allows an attacker to cause a Denial-of-Service.

Recommendations

For Bitdefender Update Server versions prior to 3.4.0.276, update to version 3.4.0.276 or later.
For Bitdefender GravityZone versions prior to 26.4-1, update to version 26.4-1 or later.
For Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171, update to version 6.2.21.171 or later.
For Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111, update to version 7.4.1.111 or later.

Fix


Weakness Enumeration

Related Identifiers

CVE-2022-0677

Affected Products

Bitdefender Endpoint Security Tools For Linux
Bitdefender Endpoint Security Tools For Windows
Bitdefender Gravityzone
Bitdefender Update Server