#VU78986 Improper Check or Handling of Exceptional Conditions in FFRI yarai and FFRI yarai Home and Business Edition - CVE-2023-39341

Cybersecurity Help s.r.o.

Published: 2023-08-07

Vulnerability identifier: #VU78986

Vulnerability risk: Low

CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-39341

CWE-ID: CWE-703

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FFRI yarai
Client/Desktop applications / Antivirus software/Personal firewalls
FFRI yarai Home and Business Edition
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: FFRI Security

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check or handling of exceptional conditions within the Windows Defender. A remote attacker can cause a denial of service condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FFRI yarai: 3.4.0 - 3.5.0

FFRI yarai Home and Business Edition: 1.4.0

External links
https://jvn.jp/en/jp/JVN42527152/index.html
https://www.ffri.jp/assets/files/other_docs/20230807.pdf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Sky Co EDR Plus Pack and EDR Plus Pack Cloud

Denial of service in SOURCENEXT CORPORATION Dual Safe Powered by FFRI yarai

Denial of service in NEC Corporation ActSecure χ

Denial of service in Soliton Systems Mark II Zerona, Zerona and Zerona PLUS

Denial of service in FFRI yarai and FFRI yarai Home and Business Edition