CVE-2021-33602

Denial-of-Service (DoS) Vulnerability

Description

A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.

Remediation

Solution:

FIX No User action is required. The required fix has been published through the automatic update channel with Capricorn update 2021-09-29_03

5.5

CVSS

Severity: Medium

CVSS 3.1 •

CVSS 2.0 •

EPSS 0.29%

Vendor Advisory f-secure.com

Affected: F-Secure F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Cloud Protection for Salesforce

References

Link	Tags
https://www.f-secure.com/en/business/support-and-downloads/security-advisories	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-33602?: CVE-2021-33602 has been scored as a medium severity vulnerability.
How to fix CVE-2021-33602?: To fix CVE-2021-33602: FIX No User action is required. The required fix has been published through the automatic update channel with Capricorn update 2021-09-29_03
Is CVE-2021-33602 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-33602 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-33602?: CVE-2021-33602 affects F-Secure F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant & F-Secure Cloud Protection for Salesforce.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.