CVE-2023-42523

Vulnerability

A denial-of-service (DoS) vulnerability exists in the scanning engine of certain WithSecure products when processing a malicious Portable Executable (PE) file. The crash occurs during the unpacking phase of the PE file analysis. Affected versions include: WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Exploitation

An attacker can remotely trigger the crash by sending a specially crafted PE file to the scanning engine. No authentication or local access is required; the attack can be performed over a network where the scanning service is exposed. The precise sequence involves the attacker delivering the malicious PE file, which the engine then attempts to unpack, leading to a memory corruption or logic error that causes a crash.

Impact

A successful crash denies service to legitimate users and may disrupt automated scanning operations. The impact is a denial-of-service (DoS) condition; no data disclosure, privilege escalation, or code execution is reported.

Mitigation

WithSecure has released security advisories addressing this vulnerability. Affected users should update their products to the latest versions as specified in the advisory [1]. No workarounds are documented; the fix is incorporated into product updates.