Alyac
CVE-2022-21147
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability.
AnalysisAI
An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-823. An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7. A specially-crafted PE file can trigger this vulnerability to cause denial of service and termination of malware scan. An attacker can provide a malicious file to trigger this vulnerability. Affected products include: Estsoft Alyac.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. Rated high severity (CVSS
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. Rated high severity (CVSS
Same weakness CWE-823 – Use of Out-of-range Pointer Offset
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today