Denial-of-Service (DoS) Vulnerability
Description
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A DoS vulnerability in F-Secure/WithSecure Atlant's aerdl.dll causes the scanning engine to crash when processing a malformed file.
Vulnerability
A Denial-of-Service vulnerability exists in the aerdl.dll unpacker component of WithSecure (formerly F-Secure) Atlant and certain other endpoint protection products. The flaw causes a crash in the unpacker function when scanning a specially crafted file, leading to a scan engine crash. Affected products include all F-Secure endpoint protection products for Windows and potentially other WithSecure products that incorporate the Atlant engine [1] [2].
Exploitation
An attacker can trigger the vulnerability remotely by delivering a malicious file (e.g., via email, web download, or network share) that is subsequently scanned by the affected product. No authentication or special privileges are required from the attacker; the exploit is executed when the vulnerable engine attempts to unpack the malformed file [1] [2].
Impact
Successful exploitation results in a crash of the scanning engine, causing a Denial-of-Service condition. The system may fail to scan further files until the engine is restarted. There is no indication of information disclosure, privilege escalation, or code execution; the impact is limited to availability [1] [2].
Mitigation
F-Secure/WithSecure addressed this vulnerability in an update released on or before August 10, 2022. Users should ensure their product is updated to the latest version. No workarounds have been published; however, keeping the product up to date and limiting exposure to untrusted file sources can reduce risk [1] [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- F-Secure and WithSecure/All F-Secure and WithSecure Endpoint Protection products for Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper WithSecure Cloud Protection for Salesforce WithSecure Collaboration Protectionv5Range: All Version
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.f-secure.com/en/business/support-and-downloads/security-advisoriesmitrex_refsource_MISC
- www.withsecure.com/en/support/security-advisoriesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.