Critical vulnerability in log4net.dll

My security software found a critical vulnerability in log4net.dll in the folder C:\Program Files\WindowsApps\Audirvana.Audirvana-4118-9484-d80dbb7827cd_3.5.51.0_x64__q3nymrkmej12j\Audirvana\log4net.dll (ver 2.0.8.0)

Security Vulnerability CVE-2018-1285 for log4net

Do you foresee an update?

Which security software are you using?

FortiClient

It’s strange that you have this vulnerability popping up right now since it seems to have been here for more than a year. I will take a look at this with Damien as soon as possible.

Today I scanned with FortiClient for the first time.

Most probably it is a false alarm because of that DLL behaviour. Audirvana is a 100% trusted app, so if you installed from here there is no need to worry. However, they can contact the AV company to tell them to remove it from the blacklist. I trust NOD32, but that’s only my opinion. You can add an exception in the AV settings or, if you still have concerns, reinstall AS (back up your database first).

I also scanned my Audirvana computer today with ESET NOD32, Windows Defender, Malwarebytes and HitmanPro. To be sure, I also used an online version of Bitdefender.
None of the programs gave a virus or vulnerability warning about log4net.dll. The whole computer came up ‘clean’.
It does indeed seem to be a false alarm.

If you look at the log4net.dll file properties, you can see that it is version 2.0.8.0, and according to CVE-2018-1285 it has a vulnerability. The solution is to update log4net.dll to version 2.0.10 or higher.

2 Likes
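The file-properties check described in the last post can be run across every installed copy of the library. This PowerShell script is an added example, not part of the original thread or of Audirvana; the search roots are assumed defaults, and the threshold 2.0.10 is the fixed version named in the thread.

```powershell
# Added example: list every log4net.dll under the given roots and compare its
# file version with the first fixed version for CVE-2018-1285 (2.0.10, per the thread).
param(
    # Assumed default search roots; pass any folders that hold installed applications.
    [string[]]$Root = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}"),
    [version]$FixedVersion = '2.0.10'
)

$results = foreach ($dir in $Root) {
    # Skip roots that are empty or missing (for example, no x86 folder on 32-bit hosts).
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

    # Protected folders such as WindowsApps may deny access; skip them instead of aborting.
    $files = Get-ChildItem -LiteralPath $dir -Filter 'log4net.dll' -File -Recurse -ErrorAction SilentlyContinue

    foreach ($file in $files) {
        $info = $file.VersionInfo
        # Build the version from the numeric parts; the FileVersion string can carry extra text.
        $found = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                $info.FileBuildPart, $info.FilePrivatePart)

        if ($found -eq [version]'0.0.0.0') {
            $status = 'no version resource'        # cannot be judged by version alone
        }
        elseif ($found -lt $FixedVersion) {
            $status = 'below fixed version'        # e.g. 2.0.8.0, as reported in the thread
        }
        else {
            $status = 'at or above fixed version'
        }

        [pscustomobject]@{
            Status      = $status
            FileVersion = $found
            Path        = $file.FullName
        }
    }
}

$results | Sort-Object Status, Path | Format-Table -AutoSize -Wrap
```

Folders that cannot be read are skipped silently, so run it from an elevated prompt if the copy you are looking for sits under `WindowsApps`.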