PT-2022-6149 · F-Secure · F-Secure Endpoint Protection
Faty420 · Published 2022-11-25 · Updated 2022-11-30 · CVE-2022-38166
CVSS v2.0
| Score | 7.8 (High) |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
F-Secure Endpoint Protection for Windows and macOS versions before channel with Capricorn database 2022-11-22 07
Description
The issue is related to the incorrect handling of the path to the aerdl.dll library, which can cause the unpacker handler to crash. This crash can lead to a scanning engine crash. The issue can be triggered remotely by an attacker, resulting in a denial of service.
Recommendations
For F-Secure Endpoint Protection for Windows and macOS versions before channel with Capricorn database 2022-11-22 07, update to a version with a Capricorn database of 2022-11-22 07 or later to resolve the issue. As a temporary workaround, consider restricting access to the aerdl.dll library to minimize the risk of exploitation.
Fix
Untrusted Search Path
Uncontrolled Search Path Element
Related Identifiers
Affected Products
F-Secure Endpoint Protection