A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud_protection_for_salesforce | F-secure | - (including) | - (including) |
| Elements_for_microsoft_365 | F-secure | - (including) | - (including) |
| Endpoint_protection | F-secure | * | * |
| Linux_security | F-secure | - (including) | - (including) |
Potential Mitigations
References
- https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
- https://www.f-secure.com/en/business/support-and-downloads/security-advisories
- https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
- https://www.f-secure.com/en/business/support-and-downloads/security-advisories