Unrated severityNVD Advisory· Published Sep 18, 2023· Updated Sep 25, 2024

CVE-2023-42526

Description

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Remote crash of WithSecure scanning engine via decompression of crafted data files affecting multiple products.

Vulnerability

A denial-of-service vulnerability exists in multiple WithSecure products where a remote attacker can crash the scanning engine by providing specially crafted data files that trigger a decompression failure. Affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant 1.0.35-1 [1].

Exploitation

An attacker can remotely send a crafted data file to a vulnerable system, which when processed by the scanning engine's decompression routine, causes an unhandled exception leading to a crash. No authentication or user interaction is required; the attacker only needs network access to deliver the malicious file [1].

Impact

Successful exploitation results in a crash of the scanning engine, leading to a denial-of-service condition. The affected system may be unable to scan files until the engine is restarted, but no data corruption or privilege escalation is indicated [1].

Mitigation

WithSecure has not disclosed a specific fix version in the available references [1]. Affected users should monitor the vendor's security advisories for updates and consider applying any released patches or workarounds as they become available.

References

Security advisories

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WithSecure/Client Securitydescription
WithSecure/Linux Protection 12.0llm-fuzzy
Range: =12.0
F-Secure/Client Securityllm-fuzzy
Range: =15
Astaro/Security Linuxllm-fuzzy
Range: =12.0
F-Secure/Email And Server Securityllm-fuzzy
Range: =15
F-Secure/Server Securityllm-fuzzy
Range: =15
WithSecure/Atlantllm-fuzzy
Range: =1.0.35-1
WithSecure/Elements Client Security for Macllm-fuzzy
Range: =15
WithSecure/Elements Endpoint Protectionllm-fuzzy
Range: >=17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.withsecure.com/en/support/security-advisoriesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000