CVE-2021-4198 (GCVE-0-2021-4198)

Vulnerability from cvelistv5 – Published: 2022-03-07 11:30 – Updated: 2024-09-17 02:06
VLAI?
Summary
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
Severity ?
6.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CWE
  • CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
Vendor Product Version
Bitdefender Total Security Affected: unspecified , < 26.0.3.29 (custom)
Create a notification for this product.
    Bitdefender Internet Security Affected: unspecified , < 26.0.3.29 (custom)
Create a notification for this product.
    Bitdefender Antivirus Plus Affected: unspecified , < 26.0.3.29 (custom)
Create a notification for this product.
    Bitdefender Endpoint Security Tools Affected: unspecified , < 7.2.2.92 (custom)
Create a notification for this product.
    Bitdefender VPN Standalone Affected: unspecified , < 25.5.0.48 (custom)
Create a notification for this product.
Credits
Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:04.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Total Security",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "26.0.3.29",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Internet Security",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "26.0.3.29",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Antivirus Plus",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "26.0.3.29",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Endpoint Security Tools",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "7.2.2.92",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "VPN Standalone",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "25.5.0.48",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative"
        }
      ],
      "datePublic": "2022-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-09T10:06:06",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "An automatic update to these new product versions fixes the issue:\n \n- Bitdefender Total Security version 26.0.3.29\n- Bitdefender Internet Security version 26.0.3.29\n- Bitdefender Antivirus Plus version 26.0.3.29\n- Bitdefender VPN Standalone version 25.5.0.48\n- Bitdefender Endpoint Security Tools version 7.2.2.92"
        }
      ],
      "source": {
        "defect": [
          "VA-10016"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-requests@bitdefender.com",
          "DATE_PUBLIC": "2022-02-05T10:00:00.000Z",
          "ID": "CVE-2021-4198",
          "STATE": "PUBLIC",
          "TITLE": "messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Total Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "26.0.3.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Internet Security",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "26.0.3.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Antivirus Plus",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "26.0.3.29"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Endpoint Security Tools",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.2.2.92"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "VPN Standalone",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "25.5.0.48"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bitdefender"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476 NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/",
              "refsource": "MISC",
              "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "An automatic update to these new product versions fixes the issue:\n \n- Bitdefender Total Security version 26.0.3.29\n- Bitdefender Internet Security version 26.0.3.29\n- Bitdefender Antivirus Plus version 26.0.3.29\n- Bitdefender VPN Standalone version 25.5.0.48\n- Bitdefender Endpoint Security Tools version 7.2.2.92"
          }
        ],
        "source": {
          "defect": [
            "VA-10016"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2021-4198",
    "datePublished": "2022-03-07T11:30:14.308193Z",
    "dateReserved": "2022-01-04T00:00:00",
    "dateUpdated": "2024-09-17T02:06:29.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"26.0.3.29\", \"matchCriteriaId\": \"94032C6C-01E2-4D3F-B246-83A1556F2AF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.2.2.92\", \"matchCriteriaId\": \"120935AC-9425-4290-A884-FA262EA40618\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"26.0.3.29\", \"matchCriteriaId\": \"EF10043E-56F8-427B-8146-343B5A717DAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"26.0.3.29\", \"matchCriteriaId\": \"F45EBE44-B7F4-4056-B4CA-07B8762B0E14\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitdefender:vpn_standalone:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"25.5.0.48\", \"matchCriteriaId\": \"273355BC-4B2E-4AAC-80C6-433C1CFC69AC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Desreferencia de Puntero NULL en el componente messaging_ipc.dll utilizado en Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools y VPN Standalone permite a un atacante bloquear arbitrariamente los procesos del producto y generar archivos crashdump. Este problema afecta a: Las versiones de Bitdefender Total Security anteriores a la 26.0.3.29. Las versiones de Bitdefender Internet Security anteriores a la 26.0.3.29. Las versiones de Bitdefender Antivirus Plus anteriores a la 26.0.3.29. Versiones de Bitdefender Endpoint Security Tools anteriores a la 7.2.2.92. Versiones de Bitdefender VPN Standalone anteriores a la 25.5.0.48.\"}]",
      "id": "CVE-2021-4198",
      "lastModified": "2024-11-21T06:37:07.703",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-requests@bitdefender.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:P/A:P\", \"baseScore\": 3.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-03-07T12:15:07.967",
      "references": "[{\"url\": \"https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/\", \"source\": \"cve-requests@bitdefender.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-22-483/\", \"source\": \"cve-requests@bitdefender.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.zerodayinitiative.com/advisories/ZDI-22-483/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve-requests@bitdefender.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve-requests@bitdefender.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-4198\",\"sourceIdentifier\":\"cve-requests@bitdefender.com\",\"published\":\"2022-03-07T12:15:07.967\",\"lastModified\":\"2024-11-21T06:37:07.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Desreferencia de Puntero NULL en el componente messaging_ipc.dll utilizado en Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools y VPN Standalone permite a un atacante bloquear arbitrariamente los procesos del producto y generar archivos crashdump. Este problema afecta a: Las versiones de Bitdefender Total Security anteriores a la 26.0.3.29. Las versiones de Bitdefender Internet Security anteriores a la 26.0.3.29. Las versiones de Bitdefender Antivirus Plus anteriores a la 26.0.3.29. Versiones de Bitdefender Endpoint Security Tools anteriores a la 7.2.2.92. Versiones de Bitdefender VPN Standalone anteriores a la 25.5.0.48.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-requests@bitdefender.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:P/A:P\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-requests@bitdefender.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitdefender:antivirus_plus:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.0.3.29\",\"matchCriteriaId\":\"94032C6C-01E2-4D3F-B246-83A1556F2AF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitdefender:endpoint_security_tools:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2.2.92\",\"matchCriteriaId\":\"120935AC-9425-4290-A884-FA262EA40618\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitdefender:internet_security:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.0.3.29\",\"matchCriteriaId\":\"EF10043E-56F8-427B-8146-343B5A717DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitdefender:total_security:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"26.0.3.29\",\"matchCriteriaId\":\"F45EBE44-B7F4-4056-B4CA-07B8762B0E14\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitdefender:vpn_standalone:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"25.5.0.48\",\"matchCriteriaId\":\"273355BC-4B2E-4AAC-80C6-433C1CFC69AC\"}]}]}],\"references\":[{\"url\":\"https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/\",\"source\":\"cve-requests@bitdefender.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-483/\",\"source\":\"cve-requests@bitdefender.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.zerodayinitiative.com/advisories/ZDI-22-483/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.