PT-2024-1413 · Fireeye · Fireeye Endpoint Security
Albert Sánchez Miñano · Published 2024-01-15 · Updated 2024-01-19
CVE-2024-0316
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
FireEye Endpoint Security version 5.2.0.958244
Description
The issue is related to improper cleanup in exceptions thrown by FireEye Endpoint Security. This could allow an attacker to send multiple request packets to the containment notify/preview parameter, potentially leading to a service outage. The vulnerability is associated with errors in pointer counting in the network subsystem, which could be exploited by a remote attacker to cause a denial of service using the Containment notify/preview parameter.
Recommendations
For FireEye Endpoint Security version 5.2.0.958244, consider disabling access to the containment notify/preview parameter as a temporary workaround until a patch is available. Restricting the use of this parameter can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Fireeye Endpoint Security