Security Advisories

CVE-2021-40836: Denial-of-Service (DoS) Vulnerability

Description

Crash while scanning Microsoft Outlook ".pst" files can cause Denial-of-Service of Antivirus engine.

STATUS: Fixed

RISK LEVEL: Medium

FIX: No User action is required. The required fix has been published through automatic update channel with Capricorn update 2021-12-13_07 

Affected Products

    All F-Secure Endpoint Protection products on Windows and Mac

    F-Secure Linux Security (32-bit)

    F-Secure Linux Security 64

    F-Secure Atlant

    F-Secure Internet Gatekeeper

Platforms

  • AFFECTED PLATFORMS ALL SUPPORTED PLATFORMS FOR THE AFFECTED PRODUCTS

More Information

A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.

This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Credits

F-Secure Corporation would like to thank faty420 for bringing this issue to our attention.