Unrated severityNVD Advisory· Published Sep 18, 2023· Updated Sep 25, 2024

CVE-2023-42522

Description

Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote crash vulnerability in WithSecure scanning engines when parsing a PE file's import struct, affecting multiple products.

Vulnerability

The vulnerability resides in the scanning engine of certain WithSecure products, where processing an import struct in a PE file can cause a crash. Affected products include: WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

Exploitation

An attacker can exploit this vulnerability remotely by sending a specially crafted PE file to the scanning engine. No authentication or user interaction is required.

Impact

Successful exploitation causes the scanning engine to crash, resulting in a denial of service condition. No data integrity or confidentiality impact is reported.

Mitigation

No mitigation or patch is disclosed in the available references. Users are advised to monitor the vendor's security advisories for updates.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WithSecure/Client Security 15, Server Security 15, Email and Server Security 15, Elements Endpoint Protection 17 and later, Client Security for Mac 15, Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, Atlantdescription
F-Secure/Client Securityllm-fuzzy
Range: 15
F-Secure/Server Securityllm-fuzzy
Range: 15
WithSecure/Elements Endpoint Protectionllm-fuzzy
Range: >=17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.withsecure.com/en/support/security-advisoriesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000