CVE-2024-13614: Integer Overflow
First published: Thu Feb 06 2025(Updated: )
Kaspersky has fixed a security issue in Kaspersky Anti-Virus SDK for Windows, Kaspersky Security for Virtualization Light Agent, Kaspersky Endpoint Security for Windows, Kaspersky Small Office Security, Kaspersky for Windows (Standard, Plus, Premium), Kaspersky Free, Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Security Cloud, Kaspersky Safe Kids, Kaspersky Anti-Ransomware Tool that could allow an authenticated attacker to write data to a limited area outside the allocated kernel memory buffer. The fix was installed automatically for all Kaspersky Endpoint products.
Credit: vulnerability@kaspersky.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kaspersky Anti-Virus SDK for Windows | ||
| Kaspersky Security for Virtualization Light Agent | ||
| Kaspersky Endpoint Security for Windows | ||
| Kaspersky Small Office Security | ||
| Kaspersky for Windows | ||
| Kaspersky Free | ||
| Kaspersky Anti-Virus | ||
| Kaspersky Internet Security 2010 | ||
| Kaspersky Security Cloud | ||
| Kaspersky Safe Kids | ||
| Kaspersky Anti-Ransomware Tool |
Remedy
To fix the vulnerability, upgrade the KAV SDK for Windows to the following version: Kaspersky Anti-Virus Software Development Kit 8 Level 3 v. 8.10.2.2098. Contact your Technical Account Manager to obtain the necessary instructions.
Remedy
Install Kaspersky Security for Virtualization Light Agent 5.2.27.319 (with Kaspersky Security Components Installation Wizard 5.2.1.4005) or newer using the following url: https://www.kaspersky.com/small-to-medium-business-security/downloads/virtualization-hybrid-cloud
Remedy
The fix was installed automatically for Kaspersky Endpoint Security for Windows. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky Small Office Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky for Windows (Standard, Plus, Premium). To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky Free. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky Anti-Virus. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky Internet Security. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky Security Cloud. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky Safe Kids. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Remedy
The fix was installed automatically for Kaspersky Anti-Ransomware Tool. To check for the fix, check the antivirus database update date, it should be November 6, 2024 or newer.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-13614?
CVE-2024-13614 has a high severity rating due to its potential impact on various Kaspersky products.
How do I fix CVE-2024-13614?
To fix CVE-2024-13614, update your Kaspersky software to the latest version provided by Kaspersky.
Which Kaspersky products are affected by CVE-2024-13614?
CVE-2024-13614 affects multiple Kaspersky products including Kaspersky Anti-Virus SDK for Windows and Kaspersky Endpoint Security for Windows.
What should I do if I cannot update my software for CVE-2024-13614?
If you cannot update, consider implementing additional security measures until an update can be applied for CVE-2024-13614.
Is CVE-2024-13614 being actively exploited?
There is no public indication of active exploitation of CVE-2024-13614 at this time, but it is advised to address the vulnerability promptly.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/severity
- agent/source
- agent/last-modified-date
- agent/tags
- agent/event
- vendor/kaspersky
- canonical/kaspersky anti-virus sdk for windows
- canonical/kaspersky security for virtualization light agent
- canonical/kaspersky endpoint security for windows
- canonical/kaspersky small office security
- canonical/kaspersky for windows
- canonical/kaspersky free
- canonical/kaspersky anti-virus
- canonical/kaspersky internet security 2010
- canonical/kaspersky security cloud
- canonical/kaspersky safe kids
- canonical/kaspersky anti-ransomware tool