cve/2022/CVE-2022-28882.md

### [CVE-2022-28882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28882)
![](https://img.shields.io/static/v1?label=Product&message=All%20F-Secure%20and%20WithSecure%20Endpoint%20Protection%20products%20for%20Windows%20%26%20Mac%20F-Secure%20Linux%20Security%20(32-bit)%20F-Secure%20Linux%20Security%20(64-bit)%20F-Secure%20Atlant%20F-Secure%20Internet%20Gatekeeper%20WithSecure%20Cloud%20Protection%20for%20Salesforce%20WithSecure%20Collaboration%20Protection&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20Version%20%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20Vulnerability%20&color=brighgreen)

### Description

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Team-BT5/WinAFL-RDP
- https://github.com/bacon-tomato-spaghetti/WinAFL-RDP
- https://github.com/googleprojectzero/winafl
- https://github.com/ssumachai/CS182-Project
- https://github.com/yrime/WinAflCustomMutate
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-28882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28882)`
			`![](https://img.shields.io/static/v1?label=Product&message=All%20F-Secure%20and%20WithSecure%20Endpoint%20Protection%20products%20for%20Windows%20%26%20Mac%20F-Secure%20Linux%20Security%20(32-bit)%20F-Secure%20Linux%20Security%20(64-bit)%20F-Secure%20Atlant%20F-Secure%20Internet%20Gatekeeper%20WithSecure%20Cloud%20Protection%20for%20Salesforce%20WithSecure%20Collaboration%20Protection&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20Version%20%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20Vulnerability%20&color=brighgreen)`

			`### Description`

			`A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Team-BT5/WinAFL-RDP`
			`- https://github.com/bacon-tomato-spaghetti/WinAFL-RDP`
			`- https://github.com/googleprojectzero/winafl`
			`- https://github.com/ssumachai/CS182-Project`
			`- https://github.com/yrime/WinAflCustomMutate`