Crash while scanning fuzzed files can cause Denial-of-Service of antivirus engine.
RISK LEVEL: Medium
FIX: No user action is required. The required fix has been published through the automatic update channel with Capricorn update 2021-04-29_07.
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the antivirus engine.
This issue was reported to F-Secure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
F-Secure Corporation would like to thank Antti Levomäki and Christian Jalio from Forcepoint for bringing this issue to our attention.
| Date | Change |
|---|---|
| 3rd June 2021 | First advisory published. |
| 9th June 2021 | Added F-Secure Security Cloud, F-Secure Elements for Microsoft 365, and F-Secure Cloud Protection for Salesforce to the list of affected products. |
| 17th August 2021 | Changed risk level from 'Low' to 'Medium'. |
Date Issued: 2021-06-03
Date Last Updated: 2021-08-17