Lucene search

[email protected]NVD:CVE-2023-42524

HistorySep 18, 2023 - 7:15 a.m.

CVE-2023-42524

2023-09-1807:15:38

CWE-835

[email protected]

web.nvd.nist.gov

infinite loop

vulnerability

scanning engine

withsecure products

client security

server security

email and server security

elements endpoint protection

client security for mac

elements endpoint protection for mac

linux security

linux protection

withsecure atlant

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Affected configurations

Nvd

Node

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

withsecureemail_and_server_securityMatch15

withsecureserver_securityMatch15

AND

microsoftwindowsMatch-

Node

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

AND

applemacosMatch-

Node

withsecurelinux_protectionMatch12.0

withsecurelinux_security_64Match12.0

AND

linuxlinux_kernelMatch-

Node

withsecureatlantMatch1.0.35-1

VendorProductVersionCPE
withsecureclient_security15cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*
withsecureelements_endpoint_protection*cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*
withsecureemail_and_server_security15cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*
withsecureserver_security15cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
withsecurelinux_protection12.0cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*
withsecurelinux_security_6412.0cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
withsecureatlant1.0.35-1cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
withsecure	client_security	15	cpe:2.3:a:withsecure:client_security:15:::::::*
withsecure	elements_endpoint_protection	*	cpe:2.3:a:withsecure:elements_endpoint_protection::::::::
withsecure	email_and_server_security	15	cpe:2.3:a:withsecure:email_and_server_security:15:::::::*
withsecure	server_security	15	cpe:2.3:a:withsecure:server_security:15:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
withsecure	linux_protection	12.0	cpe:2.3:a:withsecure:linux_protection:12.0:::::::*
withsecure	linux_security_64	12.0	cpe:2.3:a:withsecure:linux_security_64:12.0:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
withsecure	atlant	1.0.35-1	cpe:2.3:a:withsecure:atlant:1.0.35-1:::::::*

References

www.withsecure.com/en/support/security-advisories

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

Related for NVD:CVE-2023-42524

cvelist1 cve1 vulnrichment1 prion1