Stack Overflow in ESET Endpoint Encryption and ESET Full Disk Encryption for Windows
CVE-2022-2402

6.5MEDIUM

Key Information:

Vendor: Eset, Spol. S R.o.
Status: Eset Endpoint Encryption; Eset Full Disk Encryption
Vendor: CVE Published:; 6 September 2022

What is CVE-2022-2402?

The vulnerability in the driver dlpfde.sys enables a user logged into the system to perform system calls leading to kernel stack overflow, resulting in a system crash, for instance, a BSOD.

Affected Version(s)

ESET Endpoint Encryption 5.1.1.14 < 5.1.2.26

ESET Full Disk Encryption 1.3.1.25 < 1.3.2.32

References

https://support.eset.com/en/ca8298-vulnerability-fixed-in...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 6, 2022
Vulnerability Reserved
Jul 14, 2022

Eset, Spol. S R.o.

What is CVE-2022-2402?

Affected Version(s)

References

CVSS V3.1

Timeline