CVE-2024-27359

EUVD-2024-24563

26.02.2024, 16:28

Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.

Infinite Loop

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
withsecure	elements_endpoint_protection	17 ≤ 𝑥 ≤ *	ADP
withsecure	elements_endpoint_protection	17.0 ≤ 𝑥 ≤ *	ADP
withsecure	client_security	15	ADP
withsecure	server_security	15	ADP
f-secure	email_and_server_security	15.0	ADP
withsecure	linux_protection	12.0	ADP
withsecure	linux_security_64	12.0	ADP

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://www.withsecure.com/en/support/security-advisories/cve-2034-n1