Unrated severityNVD Advisory· Published Sep 18, 2023· Updated Sep 25, 2024

CVE-2023-42520

Description

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote crash of scanning engine via crafted data files in multiple WithSecure products.

Vulnerability

A denial-of-service vulnerability exists in the scanning engines of certain WithSecure products, allowing a remote crash by unpacking crafted data files. Affected products include WithSecure Client Security 15, Server Security 15, Email and Server Security 15, Elements Endpoint Protection 17 and later, Client Security for Mac 15, Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant 1.0.35-1 [1].

Exploitation

An attacker can remotely trigger a crash by sending a specially crafted data file to be scanned by the affected product. No user interaction beyond normal scanning operations is required; the vulnerability is triggered during the unpacking process [1].

Impact

Successful exploitation results in a denial of service (DoS) due to the scanning engine crashing. This may disrupt security scanning functionality and could affect system availability if the engine is critical [1].

Mitigation

As of the publication date, no patch or fix has been disclosed in the available reference [1]. Users should monitor the vendor's security advisory page for updates. No workarounds are provided in the reference.

References

Security advisories

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WithSecure/WithSecure productsdescription
WithSecure/Linux Protection 12.0llm-create
Range: 12.0
F-Secure/Client Securityllm-fuzzy
Range: 15
Astaro/Security Linuxllm-fuzzy
Range: 12.0
F-Secure/Email And Server Securityllm-fuzzy
Range: 15
F-Secure/Server Securityllm-fuzzy
Range: 15
WithSecure/Atlantllm-fuzzy
Range: 1.0.35-1
WithSecure/Elements Client Security for Macllm-fuzzy
Range: 15
WithSecure/Elements Endpoint Protectionllm-fuzzy
Range: >=17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.withsecure.com/en/support/security-advisoriesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000