CVE-2023-39341
LOWFFRI yarai 3.4.0-3.4.6 and 3.5.0 - Denial of Service via Exception Handling
Title source: llmDescription
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).
References (6)
Core 6
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN42527152/
Vendor Advisory
https://www.ffri.jp/security-info/index.htm
Third Party Advisory
https://www.skyseaclientview.net/news/230807_01/
Third Party Advisory
https://www.soliton.co.jp/support/zerona_notice_2023.html
Third Party Advisory
https://www.sourcenext.com/support/i/2023/230718_01
Permissions Required
https://www.support.nec.co.jp/View.aspx?id=3140109240
Scores
CVSS v3
3.3
EPSS
0.0029
EPSS Percentile
20.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-755
Status
published
Products (13)
ffri/dual_safe
1.4.1
ffri/ffri_yarai
1.4.0
ffri/ffri_yarai
3.5.0
ffri/ffri_yarai
3.4.0 - 3.4.6
nec/actsecure_x_managed_security_service
3.5.0
nec/actsecure_x_managed_security_service
3.4.0 - 3.4.6
skygroup/edr_plus_pack
3.5.0
skygroup/edr_plus_pack
3.4.0 - 3.4.6
skygroup/edr_plus_pack_cloud
3.5.0
skygroup/edr_plus_pack_cloud
3.4.0 - 3.4.6
... and 3 more
Published
Aug 09, 2023
Tracked Since
Feb 18, 2026