CVE-2021-33572: Null Pointer Dereference
First published: Mon Jun 21 2021(Updated: )
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
Credit: cve-notifications-us@f-secure.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F-secure Cloud Protection For Salesforce | ||
| F-secure Elements For Microsoft 365 | ||
| F-secure Endpoint Protection | ||
| F-Secure Linux Security |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-33572?
CVE-2021-33572 is a Denial-of-Service (DoS) vulnerability in F-Secure Linux Security, which can be triggered remotely by an attacker.
How does CVE-2021-33572 affect F-Secure products?
CVE-2021-33572 affects certain F-Secure products, including F-Secure Cloud Protection For Salesforce, F-Secure Elements For Microsoft 365, F-Secure Endpoint Protection, and F-Secure Linux Security.
What is the severity of CVE-2021-33572?
CVE-2021-33572 has a severity rating of 6.5, which is considered medium.
How can CVE-2021-33572 be exploited?
CVE-2021-33572 can be exploited by triggering a crash in the FSAVD component of F-Secure products while scanning larger packages or fuzzed files.
Where can I find more information about CVE-2021-33572?
More information about CVE-2021-33572 can be found in the F-Secure Vulnerability Reward Program Hall of Fame and the F-Secure Security Advisories page.