Denial-of-Service Vulnerability in Kaspersky Anti-Virus and Endpoint Security
CVE-2021-27223

5.5 MEDIUM

Summary

A denial-of-service vulnerability was found in Kaspersky Anti-Virus and Kaspersky Endpoint Security that allows a local user to crash the system by executing a specially crafted binary module. The flaw put users at risk of significant system downtime. Kaspersky has addressed the issue with an automatic fix. Security researchers and developers are credited with identifying and addressing the vulnerability.

Affected Version(s)

Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before June 2021

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved