CVE-2023-42524
Description
Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WithSecure products contain an infinite loop vulnerability in the scanning engine when processing certain file types, leading to denial of service.
Vulnerability
The scanning engine in multiple WithSecure products (Client Security 15, Server Security 15, Email and Server Security 15, Elements Endpoint Protection 17 and later, Client Security for Mac 15, Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and Atlant 1.0.35-1) enters an infinite loop when encountering unspecified file types, causing a denial-of-service condition [1].
Exploitation
An attacker can exploit this vulnerability by providing a specially crafted file that triggers the infinite loop during scanning. No authentication is required as long as the product automatically scans the file, such as in email or file system scanning scenarios [1].
Impact
Successful exploitation leads to denial of service, as the scanning engine hangs indefinitely, potentially affecting system availability and disrupting normal operations [1].
Mitigation
WithSecure has released security updates to address this vulnerability. Refer to the vendor's security advisory [1] for specific patched versions and details. If patching is not immediately possible, users should avoid scanning untrusted files of unknown types or disable scanning of affected file types where feasible [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- WithSecure/Client Securitydescription
- Range: =1.0.35-1
- Range: =15
- Range: >=17
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.