Lucene search

[email protected]CVE-2023-47264

HistoryNov 16, 2023 - 3:15 a.m.

CVE-2023-47264

2023-11-1603:15:07

CWE-125

[email protected]

web.nvd.nist.gov

cve-2023-47264

withsecure

buffer over-read

denial of service

dos

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.7%

JSON

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

withsecureemail_and_server_securityMatch15

withsecureserver_securityMatch15

Node

applemacosMatch-

AND

withsecureclient_securityMatch15

withsecureelements_endpoint_protectionRange17≥

Node

linuxlinux_kernelMatch-

AND

withsecurelinux_protectionMatch12.0

withsecurelinux_security_64Match12.0

Node

withsecureatlantRange15.0≥

withsecureatlantMatch1.0.35-1

CPENameOperatorVersion
withsecure:client_securitywithsecure client securityeq15
withsecure:elements_endpoint_protectionwithsecure elements endpoint protectioneq*
withsecure:email_and_server_securitywithsecure email and server securityeq15
withsecure:server_securitywithsecure server securityeq15

CPE	Name	Operator	Version
withsecure:client_security	withsecure client security	eq	15
withsecure:elements_endpoint_protection	withsecure elements endpoint protection	eq	*
withsecure:email_and_server_security	withsecure email and server security	eq	15
withsecure:server_security	withsecure server security	eq	15

References

www.withsecure.com/en/support/security-advisories/cve-2023-47264

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.7%

JSON

Related for CVE-2023-47264

prion1 cvelist1 nvd1