VYPR
Unrated severity · NVD Advisory · Published Sep 18, 2023 · Updated Sep 25, 2024

CVE-2023-42521

Description

Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote denial-of-service in WithSecure products via crafted compressed file causing scanning engine crash.

Vulnerability

A denial-of-service vulnerability exists in certain WithSecure products that allows a remote attacker to cause a crash of the scanning engine via processing a specially crafted compressed file. Affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant 1.0.35-1 [1].

Exploitation

An attacker can remotely exploit this vulnerability by sending a malicious compressed file to be processed by the scanning engine. No authentication is required, as the scanning engine processes files automatically. The attack vector is over the network, requiring only that the target product's scanning engine encounters the crafted file.

Impact

Successful exploitation leads to a denial-of-service condition, crashing the scanning engine. This may disrupt security scanning functionality but does not result in data compromise or privilege escalation. The crash is limited to the scanning engine, not the entire host system.

Mitigation

WithSecure has issued updates to address this vulnerability. Users should upgrade to the latest versions of the affected products as specified in the security advisory [1]. No workarounds are available.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9

References

1
