CVE-2022-28871

Denial-of-Service (DoS) Vulnerability

Description

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much memory eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.

Remediation

Solution:

FIX No User action is required. The required fix has been published through automatic update channel with HydraLinux update 2022-04-12_01

References

Link	Tags
https://www.withsecure.com/en/support/security-advisories/cve-2022-28871	third party advisory
https://www.f-secure.com/en/home/support/security-advisories/cve-2022-28871	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-28871?: CVE-2022-28871 has been scored as a medium severity vulnerability.
How to fix CVE-2022-28871?: To fix CVE-2022-28871: FIX No User action is required. The required fix has been published through automatic update channel with HydraLinux update 2022-04-12_01
Is CVE-2022-28871 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-28871 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-28871?: CVE-2022-28871 affects F-Secure All F-Secure Endpoint Protection products on Windows and Mac F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Internet Gatekeeper F-Secure Cloud Protection for Salesforce.

Description

Remediation

Category

CWE-770 – Allocation of Resources Without Limits or Throttling

References

Frequently Asked Questions