CVE-2024-13614

Name of the Vulnerable Software and Affected Versions: Kaspersky Anti-Virus SDK for Windows (affected versions not specified) Kaspersky Security for Virtualization Light Agent (affected versions not specified) Kaspersky Endpoint Security for Windows (affected versions not specified) Kaspersky Small Office Security (affected versions not specified) Kaspersky for Windows (Standard, Plus, Premium) (affected versions not specified) Kaspersky Free (affected versions not specified) Kaspersky Anti-Virus (affected versions not specified) Kaspersky Internet Security (affected versions not specified) Kaspersky Security Cloud (affected versions not specified) Kaspersky Safe Kids (affected versions not specified) Kaspersky Anti-Ransomware Tool (affected versions not specified)

Description: The issue is related to an integer overflow that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. This may lead to arbitrary data being written and potentially cause a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: For all affected Kaspersky products, the fix was installed automatically, so no additional action is required for Kaspersky Endpoint products. As a general mitigation measure, ensure that all Kaspersky products are updated to the latest version to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability for non-Endpoint products, so users of other affected products should monitor for updates.