{
  "schema_version": "1.4.0",
  "id": "GHSA-6hmq-vw9f-p5pf",
  "modified": "2022-03-17T00:02:53Z",
  "published": "2022-03-08T00:00:28Z",
  "aliases": [
    "CVE-2021-4198"
  ],
  "details": "A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files.\nThis issue affects:\nBitdefender Total Security\nversions prior to 26.0.3.29.\nBitdefender Internet Security\nversions prior to 26.0.3.29.\nBitdefender Antivirus Plus\nversions prior to 26.0.3.29.\nBitdefender Endpoint Security Tools\nversions prior to 7.2.2.92.\nBitdefender VPN Standalone\nversions prior to 25.5.0.48.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H"
    }
  ],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-4198"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com/support/security-advisories/messaging_ipc-dll-null-pointer-dereference-in-multiple-bitdefender-products-va-10016"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-483"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "severity": "MODERATE",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-07T12:15:00Z"
  }
}