Main Vulnerability Database SB2022031706

SB2022031706 - Multiple vulnerabilities in Webroot Secure Anywhere

Published: March 17, 2022

Security Bulletin ID SB2022031706

CSH Severity

Low

Patch available

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2021-40425)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the IOCTL B_03. A local attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.

2) Out-of-bounds read (CVE-ID: CVE-2021-40424)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the IOCTL GetProcessCommandLine. A local attacker can trigger out-of-bounds read error and cause a denial of service condition on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1433