CVE-2023-43767
Description
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
WithSecure products are vulnerable to denial of service via a crafted archive in the aepack unpack handler, affecting multiple versions.
Vulnerability
The aepack archive unpack handler in certain WithSecure products contains a denial-of-service vulnerability (CVE-2023-43767). Affected products include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
Exploitation
An attacker can trigger the vulnerability by supplying a specially crafted archive file that, when processed by the aepack unpack handler, causes a crash. The exact attack vector (local or remote) is not specified, but network-based delivery is plausible if the product automatically scans or unpacks archives.
Impact
Successful exploitation leads to a denial of service, crashing the scanning or unpacking process. This could disrupt endpoint protection or server security functions, potentially leaving systems unprotected until the service is restored.
Mitigation
As of the publication date, no specific fix or workaround has been disclosed in the available references. Users should monitor the vendor's security advisory page [1] for updates and apply patches as soon as they become available.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- WithSecure/WithSecure Client Securitydescription
- Range: =15
- Range: =15
- Range: =1.0.35-1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.