CVE-2024-27359
First published: Sun Feb 25 2024(Updated: )
Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WithSecure Client Security | ||
| WithSecure Server Security | ||
| F-Secure Email and Server Security | ||
| F-Secure Elements Endpoint Protection | >=17 | |
| WithSecure Client Security for Mac | ||
| WithSecure Elements Endpoint Protection for Mac | >=17 | |
| WithSecure Linux Security 64 | ||
| WithSecure Linux Protection | ||
| WithSecure Atlant | >=1.0.35<1.0.36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-27359?
CVE-2024-27359 is classified as a Denial of Service vulnerability due to the potential for an infinite loop in the engine scanner.
How do I fix CVE-2024-27359?
To address CVE-2024-27359, upgrade to the latest version of the affected WithSecure products provided by the vendor.
Which products are affected by CVE-2024-27359?
CVE-2024-27359 affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and certain versions of WithSecure Elements Endpoint Protection.
What types of attacks can CVE-2024-27359 facilitate?
CVE-2024-27359 can facilitate a Denial of Service attack by causing the engine scanner to enter an infinite loop when processing specific archive files.
Is there any workaround for CVE-2024-27359?
Currently, there are no reliable workarounds for CVE-2024-27359 other than applying the available software updates from WithSecure.
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/withsecure
- canonical/withsecure client security
- canonical/withsecure server security
- canonical/f-secure email and server security
- canonical/f-secure elements endpoint protection
- canonical/withsecure client security for mac
- canonical/withsecure elements endpoint protection for mac
- canonical/withsecure linux security 64
- canonical/withsecure linux protection
- canonical/withsecure atlant