VYPR
Unrated severity · NVD Advisory · Published Nov 26, 2023 · Updated Aug 2, 2024

CVE-2023-49321

Description

Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Processing a crafted file causes scanner hang in multiple WithSecure products, leading to remote denial of service.

Vulnerability

A denial-of-service vulnerability exists in multiple WithSecure products where scanning a crafted (fuzzed) file takes an excessively long time, causing the scanner to hang [1]. Affected versions include WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1 [1]. The file itself is not malicious in the traditional sense, but its structure triggers pathological processing in the scanner engine.

Exploitation

An attacker can trigger the vulnerability remotely by sending or uploading a specially crafted file to a target system that is monitored by an affected WithSecure product [1]. No authentication or special privileges are required to deliver the file; the scanner processes the file upon access or scheduled scan, causing it to enter a hang state. The attack does not require user interaction beyond normal file operations.

Impact

Successful exploitation results in a denial of service on the scanner component, preventing legitimate scans and potentially blocking the host from being updated or checked for threats. This can leave the system unprotected or delay detection of actual malware. The hang does not lead to code execution or data corruption, but can disrupt normal security operations.

Mitigation

WithSecure has released security advisories for the affected products [1]. Users should update to fixed versions as specified in the vendor advisory. No workarounds are described in the available references. If the product has reached end of life (EOL), upgrading to a supported version is recommended.

References
  1. CVE-2023-NNN4

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9

Patches

0

No patches discovered yet.
