Vulnerability Name: | CVE-2021-4198 (CCN-221406) | ||||||||||||
Assigned: | 2021-12-16 | ||||||||||||
Published: | 2021-12-16 | ||||||||||||
Updated: | 2022-03-11 | ||||||||||||
Summary: | A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48. | ||||||||||||
CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) 5.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C)
5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-476 | ||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-4198 Source: XF Type: UNKNOWN bitdefender-cve20214198-dos(221406) Source: CONFIRM Type: Vendor Advisory N/A Source: CCN Type: Bitdefender Web site Bitdefender Source: CCN Type: ZDI-22-483 Bitdefender Total Security Link Following Denial-of-Service Vulnerability Source: MISC Type: Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-22-483/ | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |