CVE-2021-44747 - OpenCVE

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F-secure	Atlant Elements Endpoint Protection Internet Gatekeeper Linux Security Security Cloud

Configuration 1 [-]

OR	cpe:2.3:a:f-secure:atlant::::::::
	cpe:2.3:a:f-secure:elements_endpoint_protection::::::mac::*
	cpe:2.3:a:f-secure:internet_gatekeeper::::::::
	cpe:2.3:a:f-secure:linux_security::::::::
	cpe:2.3:a:f-secure:security_cloud::::::::

No data.

References

Link	Providers
https://www.f-secure.com/en/business/support-and-downloads/security-advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: F-SecureUS

Published: 2022-03-01T11:55:26

Updated: 2024-08-04T04:32:13.027Z

Reserved: 2021-12-08T00:00:00

Link: CVE-2021-44747

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-03-01T12:15:07.493

Modified: 2022-07-12T17:42:04.277

Link: CVE-2021-44747

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "F-Secure endpoint protection products on Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud", "vendor": "F-Secure", "versions": [{"status": "affected", "version": "All Version "}]}], "descriptions": [{"lang": "en", "value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service Vulnerability ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-04T15:47:23", "orgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "shortName": "F-SecureUS"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}], "solutions": [{"lang": "en", "value": "FIX: No user action is required. The required fix has been published through automatic update channel with Pisces release 2022-02-23_01"}], "source": {"discovery": "EXTERNAL"}, "title": "Denial-of-Service (DoS) Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-notifications-us@f-secure.com", "ID": "CVE-2021-44747", "STATE": "PUBLIC", "TITLE": "Denial-of-Service (DoS) Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F-Secure endpoint protection products on Mac, F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud", "version": {"version_data": [{"version_affected": "=", "version_value": "All Version "}]}}]}, "vendor_name": "F-Secure"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service Vulnerability "}]}]}, "references": {"reference_data": [{"name": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories", "refsource": "MISC", "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}]}, "solution": [{"lang": "en", "value": "FIX: No user action is required. The required fix has been published through automatic update channel with Pisces release 2022-02-23_01"}], "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:32:13.027Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}]}]}, "cveMetadata": {"assignerOrgId": "126858f1-1b65-4b74-81ca-7034f7f7723f", "assignerShortName": "F-SecureUS", "cveId": "CVE-2021-44747", "datePublished": "2022-03-01T11:55:26", "dateReserved": "2021-12-08T00:00:00", "dateUpdated": "2024-08-04T04:32:13.027Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f-secure:atlant:*:*:*:*:*:*:*:*", "matchCriteriaId": "57C8A204-70F5-449A-AB4F-A33823367B39", "versionEndExcluding": "2022-02-23_01", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:elements_endpoint_protection:*:*:*:*:*:mac:*:*", "matchCriteriaId": "15D28175-A8B5-4B18-8FF2-DE953630DD6B", "versionEndExcluding": "2022-02-23_01", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:internet_gatekeeper:*:*:*:*:*:*:*:*", "matchCriteriaId": "249DE15A-0756-4969-9228-ACC1BAC42FA5", "versionEndIncluding": "2022-02-23_01", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:linux_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBEF97B2-9C51-4B51-AE1A-363572757604", "versionEndExcluding": "2022-02-23_01", "vulnerable": true}, {"criteria": "cpe:2.3:a:f-secure:security_cloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E59B674-ADF0-49F2-A389-6AB0678C12B1", "versionEndExcluding": "2022-02-23_01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the Fmlib component used in certain F-Secure products can crash while scanning fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en F-Secure Linux Security por la que el componente Fmlib usado en determinados productos de F-Secure puede bloquearse mientras son escaneados archivos fuzzed. La explotaci\u00f3n puede ser desencadenada remotamente por un atacante. Un ataque con \u00e9xito resultar\u00e1 en la Denegaci\u00f3n de Servicio del motor Antivirus."}], "id": "CVE-2021-44747", "lastModified": "2022-07-12T17:42:04.277", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "cve-notifications-us@f-secure.com", "type": "Secondary"}]}, "published": "2022-03-01T12:15:07.493", "references": [{"source": "cve-notifications-us@f-secure.com", "tags": ["Vendor Advisory"], "url": "https://www.f-secure.com/en/business/support-and-downloads/security-advisories"}], "sourceIdentifier": "cve-notifications-us@f-secure.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}