// For flags

CVE-2023-47264

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later.

Ciertos productos WithSecure tienen una sobrelectura del búfer por lo que el procesamiento de ciertos tipos de archivos fuzz puede provocar una denegación de servicio (DoS). Esto afecta a:
WithSecure Client Security 15,
WithSecure Server Security 15,
WithSecure Email and Server Security 15,
WithSecure Elements Endpoint Protection 17 y posteriores,
WithSecure Client Security for Mac 15,
WithSecure Elements Endpoint Protection for Mac 17 y posteriores,
WithSecure Linux Security 64 12.0,
WithSecure Linux Protection 12.0,
WithSecure Atlant (formerly F-Secure Atlant) 15 y posteriores.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-11-05 CVE Reserved
  • 2023-11-16 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Withsecure
Search vendor "Withsecure"
Client Security
Search vendor "Withsecure" for product "Client Security"
15
Search vendor "Withsecure" for product "Client Security" and version "15"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Elements Endpoint Protection
Search vendor "Withsecure" for product "Elements Endpoint Protection"
>= 17
Search vendor "Withsecure" for product "Elements Endpoint Protection" and version " >= 17"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Email And Server Security
Search vendor "Withsecure" for product "Email And Server Security"
15
Search vendor "Withsecure" for product "Email And Server Security" and version "15"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Server Security
Search vendor "Withsecure" for product "Server Security"
15
Search vendor "Withsecure" for product "Server Security" and version "15"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Withsecure
Search vendor "Withsecure"
Client Security
Search vendor "Withsecure" for product "Client Security"
15
Search vendor "Withsecure" for product "Client Security" and version "15"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Withsecure
Search vendor "Withsecure"
Elements Endpoint Protection
Search vendor "Withsecure" for product "Elements Endpoint Protection"
>= 17
Search vendor "Withsecure" for product "Elements Endpoint Protection" and version " >= 17"
-
Affected
in Apple
Search vendor "Apple"
Macos
Search vendor "Apple" for product "Macos"
--
Safe
Withsecure
Search vendor "Withsecure"
Linux Protection
Search vendor "Withsecure" for product "Linux Protection"
12.0
Search vendor "Withsecure" for product "Linux Protection" and version "12.0"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Withsecure
Search vendor "Withsecure"
Linux Security 64
Search vendor "Withsecure" for product "Linux Security 64"
12.0
Search vendor "Withsecure" for product "Linux Security 64" and version "12.0"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Withsecure
Search vendor "Withsecure"
Atlant
Search vendor "Withsecure" for product "Atlant"
>= 15.0
Search vendor "Withsecure" for product "Atlant" and version " >= 15.0"
-
Affected
Withsecure
Search vendor "Withsecure"
Atlant
Search vendor "Withsecure" for product "Atlant"
1.0.35-1
Search vendor "Withsecure" for product "Atlant" and version "1.0.35-1"
-
Affected