CVE-2021-33599

Denial-of-Service (DoS) Vulnerability

Description

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). The vulnerability can be exploit remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.

Remediation

Solution:

  • FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-08-25_04

Category

4.6
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.14%
Vendor Advisory f-secure.com Vendor Advisory f-secure.com
Affected: F-Secure F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce
Published at:
Updated at:

References

Link Tags
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame vendor advisory
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33599 vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-33599?
CVE-2021-33599 has been scored as a medium severity vulnerability.
How to fix CVE-2021-33599?
To fix CVE-2021-33599: FIX No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-08-25_04
Is CVE-2021-33599 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-33599 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-33599?
CVE-2021-33599 affects F-Secure F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.