CVE-2022-28886 MEDIUM

CVE-2022-28886: Denial-of-Service (DoS) Vulnerability

Vendor F-Secure and WithSecure
Product All F-Secure and WithSecure Endpoint Protection products for Windows running 32-bit operating system; F-Secure Linux Security 32; F-Secure Internet Gatekeeper
Published September 23, 2022
Last update May 22, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine.

Key dates

02 Disclosure timeline

September 23, 2022 CVE published
May 22, 2025 Record updated