Denial-of-Service (DoS) Vulnerability

Vulnerability

A denial-of-service (DoS) vulnerability exists in F-Secure and WithSecure products where the aerdl.dll component may enter an infinite loop when unpacking Portable Executable (PE) files [1]. This issue can cause the scanning engine to become unresponsive or crash. The affected products include various F-Secure and WithSecure antivirus and security solutions; specific version numbers are not disclosed in the available references [1].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted PE file that triggers the infinite loop in aerdl.dll during unpacking [1]. No authentication is required, and the attacker does not need any special network position beyond the ability to deliver the malicious file to the target system (e.g., via email, web download, or file share). The scanning engine processes the file automatically, requiring no user interaction beyond normal file scanning activities [1].

Impact

Successful exploitation leads to a denial-of-service condition, where the scanning engine crashes or becomes hung [1]. This can prevent the affected product from scanning further files, potentially leaving the system unprotected until the engine is restarted. The impact is limited to availability; there is no indication of data compromise or privilege escalation [1].

Mitigation

F-Secure and WithSecure have not yet released a specific security advisory detailing the fix for CVE-2022-28884 in the provided references [1][2]. Users should monitor the official F-Secure and WithSecure security advisories page [1] for updates. Until a patch is available, ensure that real-time scanning is enabled and that antivirus definitions are up to date, as these may help reduce the risk. No workaround is explicitly mentioned in the available sources [1][2].