An Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role) and GravityZone (in Update Server role) allows an attacker to cause a denial of service. This issue affects Bitdefender Update Server versions prior to 3.4.0.276, Bitdefender GravityZone versions prior to 26.4-1, Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171, and Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
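
The weakness class described above, shown as an added example that is not Bitdefender's code or protocol: a parser for a hypothetical type/length/payload record format that checks each declared length against the bytes actually received before using it. The record layout, function name and sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical wire format (an assumption, not Bitdefender's protocol):
 *   1 byte type | 2 bytes big-endian payload length | payload bytes */
#define HDR_LEN 3u

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED_HEADER, PARSE_LENGTH_MISMATCH };

/* Walks every record in buf, never trusting a declared length further
 * than the bytes actually received. *records holds the count of records
 * accepted before the function returned. */
enum parse_status parse_records(const uint8_t *buf, size_t buf_len, size_t *records)
{
    size_t off = 0;
    *records = 0;

    while (off < buf_len) {
        size_t remaining = buf_len - off;
        if (remaining < HDR_LEN)
            return PARSE_TRUNCATED_HEADER;

        size_t declared = ((size_t)buf[off + 1] << 8) | buf[off + 2];

        /* Compare against what is left, written as a subtraction so the
         * bounds check itself cannot wrap around. */
        if (declared > remaining - HDR_LEN)
            return PARSE_LENGTH_MISMATCH;

        /* Payload bytes buf[off + HDR_LEN] .. buf[off + HDR_LEN + declared - 1]
         * are now known to lie inside the buffer. */
        off += HDR_LEN + declared;
        (*records)++;
    }
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample inputs. */
    const uint8_t good[]  = { 0x01, 0x00, 0x02, 'h', 'i', 0x02, 0x00, 0x00 };
    const uint8_t lying[] = { 0x01, 0xFF, 0xFF, 'h', 'i' }; /* claims 65535 bytes, carries 2 */
    size_t n;

    printf("good:  status=%d\n", parse_records(good, sizeof good, &n));
    printf("lying: status=%d\n", parse_records(lying, sizeof lying, &n));
    return 0;
}
```

Rejecting the whole message on the first mismatch, rather than clamping the length and continuing, keeps a malformed record from desynchronising the parser on the records that follow it.
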
Name | Vendor | Start Version | End Version |
---|---|---|---|
Endpoint_security_tools | Bitdefender | * | 6.2.21.171 (excluding) |
Endpoint_security_tools | Bitdefender | * | 7.4.1.111 (excluding) |
Gravityzone | Bitdefender | * | 26.4-1 (excluding) |
Update_server | Bitdefender | * | 3.4.0.276 (excluding) |