CVE-2021-4198
messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
Una vulnerabilidad de Desreferencia de Puntero NULL en el componente messaging_ipc.dll utilizado en Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools y VPN Standalone permite a un atacante bloquear arbitrariamente los procesos del producto y generar archivos crashdump. Este problema afecta a: Las versiones de Bitdefender Total Security anteriores a la 26.0.3.29. Las versiones de Bitdefender Internet Security anteriores a la 26.0.3.29. Las versiones de Bitdefender Antivirus Plus anteriores a la 26.0.3.29. Versiones de Bitdefender Endpoint Security Tools anteriores a la 7.2.2.92. Versiones de Bitdefender VPN Standalone anteriores a la 25.5.0.48.
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Bitdefender Virus Shield. By creating a symbolic link, an attacker can abuse the service to delete files. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-04 CVE Reserved
- 2022-03-07 CVE Published
- 2023-09-28 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-22-483 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Bitdefender Search vendor "Bitdefender" | Antivirus Plus Search vendor "Bitdefender" for product "Antivirus Plus" | < 26.0.3.29 Search vendor "Bitdefender" for product "Antivirus Plus" and version " < 26.0.3.29" | - |
Affected
| ||||||
| Bitdefender Search vendor "Bitdefender" | Endpoint Security Tools Search vendor "Bitdefender" for product "Endpoint Security Tools" | < 7.2.2.92 Search vendor "Bitdefender" for product "Endpoint Security Tools" and version " < 7.2.2.92" | - |
Affected
| ||||||
| Bitdefender Search vendor "Bitdefender" | Internet Security Search vendor "Bitdefender" for product "Internet Security" | < 26.0.3.29 Search vendor "Bitdefender" for product "Internet Security" and version " < 26.0.3.29" | - |
Affected
| ||||||
| Bitdefender Search vendor "Bitdefender" | Total Security Search vendor "Bitdefender" for product "Total Security" | < 26.0.3.29 Search vendor "Bitdefender" for product "Total Security" and version " < 26.0.3.29" | - |
Affected
| ||||||
| Bitdefender Search vendor "Bitdefender" | Vpn Standalone Search vendor "Bitdefender" for product "Vpn Standalone" | < 25.5.0.48 Search vendor "Bitdefender" for product "Vpn Standalone" and version " < 25.5.0.48" | - |
Affected
| ||||||