CVE-2022-0677: 
Bitdefender Endpoint Security Tools vulnerability analysis and mitigation

Improper Handling of Length Parameter Inconsistency vulnerability was discovered in the Update Server component of Bitdefender Endpoint Security Tools and GravityZone. The vulnerability, identified as CVE-2022-0677, affects multiple Bitdefender products including Update Server versions prior to 3.4.0.276, GravityZone versions prior to 26.4-1, Endpoint Security Tools for Linux versions prior to 6.2.21.171, and Endpoint Security Tools for Windows versions prior to 7.4.1.111. The vulnerability was disclosed on April 7th, 2022 (Bitdefender Advisory, NVD).

The vulnerability is classified as an Improper Handling of Length Parameter Inconsistency (CWE-130) issue. It received a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and primarily affects system availability (NVD).

The primary impact of this vulnerability is on system availability, as it allows an attacker to cause a Denial-of-Service condition. The CVSS scoring indicates no direct impact on confidentiality or integrity of the system (Bitdefender Advisory).

Bitdefender addressed this vulnerability through an automatic update. The fix was implemented in Update Server version 3.4.0.276, GravityZone version 26.4-1, Endpoint Security Tools for Linux version 6.2.21.171, and Endpoint Security Tools for Windows version 7.4.1.111 (Bitdefender Advisory).