{"containers":{"cna":{"affected":[{"product":"All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection","vendor":"F-Secure and WithSecure","versions":[{"status":"affected","version":"All Version"}]}],"credits":[{"lang":"en","value":"WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"}],"descriptions":[{"lang":"en","value":"A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Denial of Service Vulnerability","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-08-23T15:54:02.000Z","orgId":"126858f1-1b65-4b74-81ca-7034f7f7723f","shortName":"F-SecureUS"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.withsecure.com/en/support/security-advisories"}],"solutions":[{"lang":"en","value":"FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"}],"source":{"discovery":"EXTERNAL"},"title":"Denial-of-Service (DoS) Vulnerability","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve-notifications-us@f-secure.com","ID":"CVE-2022-28882","STATE":"PUBLIC","TITLE":"Denial-of-Service (DoS) Vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protection","version":{"version_data":[{"version_affected":"=","version_value":"All Version"}]}}]},"vendor_name":"F-Secure and WithSecure"}]}},"credit":[{"lang":"eng","value":"WithSecure & F-Secure would like to thank faty420 https://twitter.com/faty420 for bringing this issue to our attention"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of Service Vulnerability"}]}]},"references":{"reference_data":[{"name":"https://www.withsecure.com/en/support/security-advisories","refsource":"MISC","url":"https://www.withsecure.com/en/support/security-advisories"}]},"solution":[{"lang":"en","value":"FIX No User action is required. The required fix has been published through automatic update channel with Capricorn database on 2022-08-10_06"}],"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T06:03:53.163Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.withsecure.com/en/support/security-advisories"}]}]},"cveMetadata":{"assignerOrgId":"126858f1-1b65-4b74-81ca-7034f7f7723f","assignerShortName":"F-SecureUS","cveId":"CVE-2022-28882","datePublished":"2022-08-23T15:54:02.000Z","dateReserved":"2022-04-08T00:00:00.000Z","dateUpdated":"2024-08-03T06:03:53.163Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}