CVE-2022-28884
First published: Tue Sep 06 2022(Updated: )
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine.
Credit: cve-notifications-us@f-secure.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Withsecure Business Suite | ||
| WithSecure Elements Endpoint Protection | ||
| F-secure Internet Gatekeeper | ||
| F-Secure Linux Security |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Denial-of-Service vulnerability?
The vulnerability ID for this Denial-of-Service vulnerability is CVE-2022-28884.
Which products are affected by this vulnerability?
The F-Secure Internet Gatekeeper, F-Secure Linux Security, WithSecure Business Suite, and WithSecure Elements Endpoint Protection products are affected by this vulnerability.
What is the severity of CVE-2022-28884?
The severity of CVE-2022-28884 is high, with a severity value of 7.5.
How does the vulnerability manifest?
The vulnerability manifests as a Denial-of-Service where the aerdl.dll may go into an infinite loop when unpacking PE files, potentially crashing the scanning engine.
How can I fix CVE-2022-28884?
To fix CVE-2022-28884, ensure that you have the latest patches and updates for the affected F-Secure and WithSecure products installed.