Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for VPN Standalone by Bitdefender

    CVE-2021-4198 (GCVE-0-2021-4198)

    Vulnerability from nvd – Published: 2022-03-07 11:30 – Updated: 2024-09-17 02:06
    VLAI
    Title
    messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
    Summary
    A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bitdefender Total Security Affected: unspecified , < 26.0.3.29 (custom)
    Create a notification for this product.
    Bitdefender Internet Security Affected: unspecified , < 26.0.3.29 (custom)
    Create a notification for this product.
    Bitdefender Antivirus Plus Affected: unspecified , < 26.0.3.29 (custom)
    Create a notification for this product.
    Bitdefender Endpoint Security Tools Affected: unspecified , < 7.2.2.92 (custom)
    Create a notification for this product.
    Bitdefender VPN Standalone Affected: unspecified , < 25.5.0.48 (custom)
    Create a notification for this product.
    Date Public
    2022-02-05 00:00
    Credits
    Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Total Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "26.0.3.29",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Internet Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "26.0.3.29",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Antivirus Plus",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "26.0.3.29",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Endpoint Security Tools",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "7.2.2.92",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VPN Standalone",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "25.5.0.48",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2022-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-09T10:06:06.000Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "An automatic update to these new product versions fixes the issue:\n \n- Bitdefender Total Security version 26.0.3.29\n- Bitdefender Internet Security version 26.0.3.29\n- Bitdefender Antivirus Plus version 26.0.3.29\n- Bitdefender VPN Standalone version 25.5.0.48\n- Bitdefender Endpoint Security Tools version 7.2.2.92"
            }
          ],
          "source": {
            "defect": [
              "VA-10016"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-requests@bitdefender.com",
              "DATE_PUBLIC": "2022-02-05T10:00:00.000Z",
              "ID": "CVE-2021-4198",
              "STATE": "PUBLIC",
              "TITLE": "messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Total Security",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "26.0.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Internet Security",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "26.0.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Antivirus Plus",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "26.0.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Endpoint Security Tools",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.2.2.92"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN Standalone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "25.5.0.48"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bitdefender"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476 NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/",
                  "refsource": "MISC",
                  "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "An automatic update to these new product versions fixes the issue:\n \n- Bitdefender Total Security version 26.0.3.29\n- Bitdefender Internet Security version 26.0.3.29\n- Bitdefender Antivirus Plus version 26.0.3.29\n- Bitdefender VPN Standalone version 25.5.0.48\n- Bitdefender Endpoint Security Tools version 7.2.2.92"
              }
            ],
            "source": {
              "defect": [
                "VA-10016"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2021-4198",
        "datePublished": "2022-03-07T11:30:14.308Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:29.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4198 (GCVE-0-2021-4198)

    Vulnerability from cvelistv5 – Published: 2022-03-07 11:30 – Updated: 2024-09-17 02:06
    VLAI
    Title
    messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)
    Summary
    A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
    CWE
    • CWE-476 - NULL Pointer Dereference
    Assigner
    References
    Impacted products
    Vendor Product Version
    Bitdefender Total Security Affected: unspecified , < 26.0.3.29 (custom)
    Create a notification for this product.
    Bitdefender Internet Security Affected: unspecified , < 26.0.3.29 (custom)
    Create a notification for this product.
    Bitdefender Antivirus Plus Affected: unspecified , < 26.0.3.29 (custom)
    Create a notification for this product.
    Bitdefender Endpoint Security Tools Affected: unspecified , < 7.2.2.92 (custom)
    Create a notification for this product.
    Bitdefender VPN Standalone Affected: unspecified , < 25.5.0.48 (custom)
    Create a notification for this product.
    Date Public
    2022-02-05 00:00
    Credits
    Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.264Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Total Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "26.0.3.29",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Internet Security",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "26.0.3.29",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Antivirus Plus",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "26.0.3.29",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Endpoint Security Tools",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "7.2.2.92",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "VPN Standalone",
              "vendor": "Bitdefender",
              "versions": [
                {
                  "lessThan": "25.5.0.48",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative"
            }
          ],
          "datePublic": "2022-02-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-476",
                  "description": "CWE-476 NULL Pointer Dereference",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-03-09T10:06:06.000Z",
            "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
            "shortName": "Bitdefender"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "An automatic update to these new product versions fixes the issue:\n \n- Bitdefender Total Security version 26.0.3.29\n- Bitdefender Internet Security version 26.0.3.29\n- Bitdefender Antivirus Plus version 26.0.3.29\n- Bitdefender VPN Standalone version 25.5.0.48\n- Bitdefender Endpoint Security Tools version 7.2.2.92"
            }
          ],
          "source": {
            "defect": [
              "VA-10016"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve-requests@bitdefender.com",
              "DATE_PUBLIC": "2022-02-05T10:00:00.000Z",
              "ID": "CVE-2021-4198",
              "STATE": "PUBLIC",
              "TITLE": "messaging_ipc.dll NULL Pointer Dereference in multiple Bitdefender products (VA-10016)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Total Security",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "26.0.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Internet Security",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "26.0.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Antivirus Plus",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "26.0.3.29"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Endpoint Security Tools",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "7.2.2.92"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "VPN Standalone",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "25.5.0.48"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Bitdefender"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-476 NULL Pointer Dereference"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/",
                  "refsource": "MISC",
                  "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016/"
                },
                {
                  "name": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/",
                  "refsource": "MISC",
                  "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483/"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "An automatic update to these new product versions fixes the issue:\n \n- Bitdefender Total Security version 26.0.3.29\n- Bitdefender Internet Security version 26.0.3.29\n- Bitdefender Antivirus Plus version 26.0.3.29\n- Bitdefender VPN Standalone version 25.5.0.48\n- Bitdefender Endpoint Security Tools version 7.2.2.92"
              }
            ],
            "source": {
              "defect": [
                "VA-10016"
              ],
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "assignerShortName": "Bitdefender",
        "cveId": "CVE-2021-4198",
        "datePublished": "2022-03-07T11:30:14.308Z",
        "dateReserved": "2022-01-04T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:06:29.957Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }