Lucene search

[email protected]NVD:CVE-2023-42526

HistorySep 18, 2023 - 6:15 a.m.

CVE-2023-42526

2023-09-1806:15:08

CWE-400

[email protected]

web.nvd.nist.gov

withsecure

remote crash

crafted file

decompression

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Affected configurations

Nvd

Node

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

withsecureemail_and_server_securityMatch15

withsecureserver_securityMatch15

AND

microsoftwindowsMatch-

Node

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

AND

applemacosMatch-

Node

withsecurelinux_protectionMatch12.0

withsecurelinux_security_64Match12.0

AND

linuxlinux_kernelMatch-

Node

withsecureatlantMatch1.0.35-1

VendorProductVersionCPE
withsecureclient_security15cpe:2.3:a:withsecure:client_security:15:*:*:*:*:*:*:*
withsecureelements_endpoint_protection*cpe:2.3:a:withsecure:elements_endpoint_protection:*:*:*:*:*:*:*:*
withsecureemail_and_server_security15cpe:2.3:a:withsecure:email_and_server_security:15:*:*:*:*:*:*:*
withsecureserver_security15cpe:2.3:a:withsecure:server_security:15:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
withsecurelinux_protection12.0cpe:2.3:a:withsecure:linux_protection:12.0:*:*:*:*:*:*:*
withsecurelinux_security_6412.0cpe:2.3:a:withsecure:linux_security_64:12.0:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
withsecureatlant1.0.35-1cpe:2.3:a:withsecure:atlant:1.0.35-1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
withsecure	client_security	15	cpe:2.3:a:withsecure:client_security:15:::::::*
withsecure	elements_endpoint_protection	*	cpe:2.3:a:withsecure:elements_endpoint_protection::::::::
withsecure	email_and_server_security	15	cpe:2.3:a:withsecure:email_and_server_security:15:::::::*
withsecure	server_security	15	cpe:2.3:a:withsecure:server_security:15:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
withsecure	linux_protection	12.0	cpe:2.3:a:withsecure:linux_protection:12.0:::::::*
withsecure	linux_security_64	12.0	cpe:2.3:a:withsecure:linux_security_64:12.0:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
withsecure	atlant	1.0.35-1	cpe:2.3:a:withsecure:atlant:1.0.35-1:::::::*

References

www.withsecure.com/en/support/security-advisories

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

34.3%

JSON

Related for NVD:CVE-2023-42526

cve1 vulnrichment1 prion1 cvelist1