CVE-2023-39341

Summary

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).

Affected Software

VendorProductVersion RangeStatus
FFRI Security, Inc.FFRI yaraiversions 3.4.0 to 3.4.6 and 3.5.0affected
FFRI Security, Inc.FFRI yarai Home and Business Editionversion 1.4.0affected
Soliton Systems K.K.InfoTrace Mark II Malware Protection (Mark II Zerona)versions 3.0.1 to 3.2.2affected
Soliton Systems K.K.Zerona / Zerona PLUSversions 3.2.32 to 3.2.36affected
NEC CorporationActSecure χversions 3.4.0 to 3.4.6 and 3.5.0affected
SOURCENEXT CORPORATIONDual Safe Powered by FFRI yaraiversion 1.4.1affected
Sky Co., Ltd.EDR Plus PackBundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0affected
Sky Co., Ltd.EDR Plus Pack CloudBundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0affected

Weaknesses

  • Improper check or handling of exceptional conditions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References