Faty420

**Name of the Vulnerable Software and Affected Versions** WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure Elements Endpoint Protection for Mac versions 17 and later WithSecure Linux Security 64 version 12.0 WithSecure Linux Protection version 12.0 WithSecure Atlant version 1.0.35-1 **Description** The issue allows a Denial of Service because scanning a crafted file takes a long time and causes the scanner to hang. **Recommendations** For WithSecure Client Security version 15, update to a version that includes a fix for this issue. For WithSecure Server Security version 15, update to a version that includes a fix for this issue. For WithSecure Email and Server Security version 15, update to a version that includes a fix for this issue. For WithSecure Elements Endpoint Protection versions 17 and later, update to a version that includes a fix for this issue. For WithSecure Client Security for Mac version 15, update to a version that includes a fix for this issue. For WithSecure Elements Endpoint Protection for Mac versions 17 and later, update to a version that includes a fix for this issue. For WithSecure Linux Security 64 version 12.0, update to a version that includes a fix for this issue. For WithSecure Linux Protection version 12.0, update to a version that includes a fix for this issue. For WithSecure Atlant version 1.0.35-1, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure Elements Endpoint Protection for Mac versions 17 and later WithSecure Linux Security 64 version 12.0 WithSecure Linux Protection version 12.0 WithSecure Atlant version 1.0.35-1 **Description** The issue is related to a Denial of Service that can occur due to an unpack handler crash, leading to a scanning engine crash. **Recommendations** For WithSecure Client Security version 15, update to a version that includes a fix for the unpack handler crash. For WithSecure Server Security version 15, update to a version that includes a fix for the unpack handler crash. For WithSecure Email and Server Security version 15, update to a version that includes a fix for the unpack handler crash. For WithSecure Elements Endpoint Protection versions 17 and later, update to a version that includes a fix for the unpack handler crash. For WithSecure Client Security for Mac version 15, update to a version that includes a fix for the unpack handler crash. For WithSecure Elements Endpoint Protection for Mac versions 17 and later, update to a version that includes a fix for the unpack handler crash. For WithSecure Linux Security 64 version 12.0, update to a version that includes a fix for the unpack handler crash. For WithSecure Linux Protection version 12.0, update to a version that includes a fix for the unpack handler crash. For WithSecure Atlant version 1.0.35-1, update to a version that includes a fix for the unpack handler crash.

**Name of the Vulnerable Software and Affected Versions** WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure Elements Endpoint Protection for Mac versions 17 and later WithSecure Linux Security 64 version 12.0 WithSecure Linux Protection version 12.0 WithSecure Atlant versions 15 and later **Description** The issue is a buffer over-read that may cause a denial of service (DoS) when processing certain fuzz file types. **Recommendations** For WithSecure Client Security version 15, update to a fixed version when available. For WithSecure Server Security version 15, update to a fixed version when available. For WithSecure Email and Server Security version 15, update to a fixed version when available. For WithSecure Elements Endpoint Protection versions 17 and later, update to a fixed version when available. For WithSecure Client Security for Mac version 15, update to a fixed version when available. For WithSecure Elements Endpoint Protection for Mac versions 17 and later, update to a fixed version when available. For WithSecure Linux Security 64 version 12.0, update to a fixed version when available. For WithSecure Linux Protection version 12.0, update to a fixed version when available. For WithSecure Atlant versions 15 and later, update to a fixed version when available.

**Nome do software vulnerável e versões afetadas** F-Secure Endpoint Protection para Windows e macOS, versões anteriores ao canal com o banco de dados Capricorn 2022-11-22 07 **Descrição** O problema está relacionado ao tratamento incorreto do caminho para a biblioteca `aerdl.dll`, o que pode causar a falha do manipulador do descompactador. Essa falha pode levar à falha do mecanismo de verificação. O problema pode ser acionado remotamente por um invasor, resultando em uma negação de serviço. **Recomendações** Para as versões do F-Secure Endpoint Protection para Windows e macOS anteriores ao canal com o banco de dados Capricorn 2022-11-22 07, atualize para uma versão com o banco de dados Capricorn 2022-11-22 07 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso à biblioteca `aerdl.dll` para minimizar o risco de exploração.