Denial-of-Service (DoS) Vulnerability
Description
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can be triggered remotely by an attacker. A successful attack will result in Denial-of-Service (DoS) of the Anti-Virus engine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
F-Secure Atlant AVRDL unpacking module crashes on fuzzed files, enabling remote DoS against endpoint protection products.
Vulnerability
A Denial-of-Service (DoS) vulnerability exists in the AVRDL unpacking module component of F-Secure Atlant, used in certain F-Secure endpoint protection products. The module can crash while scanning a fuzzed file, leading to a DoS of the Anti-Virus engine. The vulnerability is triggered remotely by an attacker sending a specially crafted file. The affected products include all F-Secure endpoint protection products for Windows and Mac [1].
Exploitation
An attacker can exploit this vulnerability remotely by providing a fuzzed file that, when scanned by the vulnerable AVRDL unpacking module, causes the anti-virus engine to crash. No authentication is required, as the attack can be delivered via email, web download, or any vector where the file is processed by the affected F-Secure product [1].
Impact
Successful exploitation results in a Denial-of-Service (DoS) condition, where the anti-virus engine becomes unavailable, leaving the endpoint unprotected until the engine is restarted. The crash does not lead to code execution or privilege escalation, but it disrupts the security service [1].
Mitigation
F-Secure has addressed this vulnerability through automatic updates. Users should ensure their F-Secure endpoint protection products are updated to the latest version. As the fix is delivered via normal update channels, no manual workarounds are required [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- F-Secure/F-Secure endpoint protection products on Windows and Mac. F-Secure Linux Security (32-bit) F-Secure Linux Security 64 F-Secure Atlant F-Secure Cloud Protection for Salesforce and Cloud Protection for Microsoft Office 365v5Range: All Version
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-famemitrex_refsource_MISC
- www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-40832mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.