Lucene search

[email protected]CVE-2023-42526

HistorySep 18, 2023 - 6:15 a.m.

CVE-2023-42526

2023-09-1806:15:08

CWE-400

[email protected]

web.nvd.nist.gov

withsecure

remote crash

scanning engine

decompression vulnerability

nvd

cve-2023-42526

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.

Affected configurations

NVD

Node

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

withsecureemail_and_server_securityMatch15

withsecureserver_securityMatch15

AND

microsoftwindowsMatch-

Node

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

AND

applemacosMatch-

Node

withsecurelinux_protectionMatch12.0

withsecurelinux_security_64Match12.0

AND

linuxlinux_kernelMatch-

Node

withsecureatlantMatch1.0.35-1

CPENameOperatorVersion
withsecure:client_securitywithsecure client securityeq15
withsecure:elements_endpoint_protectionwithsecure elements endpoint protectioneq*
withsecure:email_and_server_securitywithsecure email and server securityeq15
withsecure:server_securitywithsecure server securityeq15

CPE	Name	Operator	Version
withsecure:client_security	withsecure client security	eq	15
withsecure:elements_endpoint_protection	withsecure elements endpoint protection	eq	*
withsecure:email_and_server_security	withsecure email and server security	eq	15
withsecure:server_security	withsecure server security	eq	15

References

www.withsecure.com/en/support/security-advisories

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVE-2023-42526

prion1 cvelist1 nvd1