First published: Thu Feb 21 2019(Updated: )
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows.
Credit: psirt@mcafee.com
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee GetSusp | <=3.0.0.461 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-6687 has a critical severity rating due to its potential to cause a Denial of Service (DoS) via an infinite loop during file scanning.
To fix CVE-2018-6687, update McAfee GetSusp to version 3.0.0.462 or later where the vulnerability has been addressed.
CVE-2018-6687 affects McAfee GetSusp versions 3.0.0.461 and earlier on all supported Microsoft Windows operating systems.
An attacker can exploit CVE-2018-6687 to disrupt the functionality of a manual GetSusp scan, leading to a Denial of Service.
CVE-2018-6687 is not remotely exploitable, as it requires local access to initiate a scan with specially crafted files.