#VU71767 Use of Out-of-range Pointer Offset in Alyac - CVE-2022-43665

Cybersecurity Help s.r.o.

Published: 2023-02-02

Vulnerability identifier: #VU71767

Vulnerability risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-43665

CWE-ID: CWE-823

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Alyac
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: East Security Co.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the malware scan functionality. A remote user can trick a victim to open a specially crafted PE file and cause a denial of service condntion on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Alyac: 2.5.8.645

External links
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1682

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Alyac