Unrated severityNVD Advisory· Published Nov 26, 2023· Updated Aug 2, 2024

CVE-2023-49322

Description

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A Denial of Service vulnerability in WithSecure products allows an attacker to remotely trigger an unpack handler crash, causing the scanning engine to crash.

Vulnerability

The vulnerability resides in the unpack handler of certain WithSecure products. When processing a specially crafted file, the unpack handler crashes, leading to a scanning engine crash [1]. This affects WithSecure Client Security 15, Server Security 15, Email and Server Security 15, Elements Endpoint Protection 17 and later, Client Security for Mac 15, Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and Atlant 1.0.35-1.

Exploitation

An attacker can trigger the vulnerability remotely by sending a crafted file to the target product. No prior authentication or user interaction is required. The file is processed by the unpack handler, causing a crash [1].

Impact

Successful exploitation causes the scanning engine to crash, resulting in a denial of service. The security product becomes unavailable, potentially leaving the system unprotected [1].

Mitigation

WithSecure has acknowledged the vulnerability. A fix is expected in a future update. Users should monitor the advisory for updates. No workarounds are currently available [1].

References

CVE-2023-NNN4

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WithSecure/Client Securitydescription
WithSecure/WithSecure Client Security 15llm-create
Range: =15
WithSecure/Elements Endpoint Protectionllm-fuzzy
Range: >=17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.withsecure.com/en/support/security-advisories/cve-2023-49322mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000