CVE-2022-0677

HIGH

Bitdefender Update Server <3.4.0.276 - DoS

Title source: llm

Description

Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111.

References (1)

[Vendor Advisory] https://www.bitdefender.com/support/security-advisories/improper-handling-of-length-parameter-inconsistency-vulnerability-in-bitdefender-update-server-va-10144

Scores

CVSS v3 7.5

EPSS 0.0054

EPSS Percentile 67.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-130

Status published

Products (4)

bitdefender/endpoint_security_tools < 6.2.21.171

bitdefender/endpoint_security_tools < 7.4.1.111

bitdefender/gravityzone < 26.4-1

bitdefender/update_server < 3.4.0.276

Published Apr 07, 2022

Tracked Since Feb 18, 2026