### [CVE-2021-33602](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33602)
![](https://img.shields.io/static/v1?label=Product&message=F-Secure%20endpoint%20protection%20products%20on%20Windows%20and%20Mac.%20F-Secure%20Linux%20Security%20(32-bit)%20%20F-Secure%20Linux%20Security%2064%20%20F-Secure%20Atlant%20%26%20%20F-Secure%20Cloud%20Protection%20for%20Salesforce&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=All%20Version%20%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20Vulnerability&color=brightgreen)

### Description

A vulnerability affecting the F-Secure Antivirus engine was discovered when the engine tries to unpack a zip archive (LZW decompression method), and this can crash the scanning engine. The vulnerability can be exploited remotely by an attacker. A successful attack will result in Denial-of-Service of the Anti-Virus engine.

### POC

#### Reference
- https://www.f-secure.com/en/business/support-and-downloads/security-advisories

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Team-BT5/WinAFL-RDP
- https://github.com/bacon-tomato-spaghetti/WinAFL-RDP
- https://github.com/googleprojectzero/winafl
- https://github.com/ssumachai/CS182-Project
- https://github.com/yrime/WinAflCustomMutate