CVE-2023-47264
Description
Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in multiple WithSecure products allows denial of service via crafted fuzz files, affecting versions 15 and later.
Vulnerability
A buffer over-read vulnerability exists in several WithSecure products, where processing certain fuzz file types can cause the scanner to crash. The issue resides in the file scanning engine and is reachable when the product attempts to analyze a specially crafted input file. Affected products include WithSecure Client Security 15, Server Security 15, Email and Server Security 15, Elements Endpoint Protection 17 and later, Client Security for Mac 15, Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and Atlant 15 and later [1].
Exploitation
An attacker can trigger the denial of service by providing a crafted fuzz file to the affected product's scanning functionality. No authentication or special network position is required if the attacker can deliver the file through typical attack vectors such as email, web downloads, or file shares. User interaction is minimal, as the product automatically scans files upon access or delivery. Successful exploitation causes the scanner process to crash [1].
Impact
Successful exploitation results in a denial of service (DoS) through scanner crash. The impact is limited to temporary unavailability of the security product's scanning capability; no code execution or data compromise has been demonstrated. Depending on the deployment, the crash may interrupt protection until the service is restarted [1].
Mitigation
WithSecure has not yet released a specific patched version for this issue at the time of publication. The advisory notes that the vulnerability was reported through their Vulnerability Reward Program and no exploits have been observed in the wild. Mitigation recommendations are not explicitly provided in the available references; users should monitor WithSecure's security advisories for updates and apply any forthcoming patches promptly [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- WithSecure/Client Security
- Range: =15
- Range: =15
- Range: >=17
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.