CVE-2024-27359 in Client Security
Summary
by MITRE • 02/26/2024
Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 04/15/2026
The vulnerability identified as CVE-2024-27359 represents a critical denial of service weakness affecting multiple WithSecure security products that utilize engine scanning capabilities. This flaw manifests when the system processes archive files, causing the scanner engine to enter an infinite loop state that consumes excessive system resources and ultimately renders the security solution non-functional. The affected product line encompasses comprehensive security solutions including client security for windows and mac platforms, server security implementations, email protection systems, and various endpoint protection suites. The vulnerability impacts versions ranging from WithSecure Client Security 15 through WithSecure Atlant 1.0.35-1, indicating a widespread issue across the vendor's security portfolio.
Technical exploitation of this vulnerability occurs during the processing of maliciously crafted archive files that trigger the scanner engine into an infinite loop condition. The root cause lies within the archive file handling mechanism where the scanner fails to properly validate or limit recursive extraction operations within compressed file structures. This type of flaw falls under the CWE-835 category of infinite loops or infinite recursion, where a program fails to properly terminate execution when processing malformed input data. The scanner engine's inability to detect and terminate malformed recursive operations results in continuous resource consumption that can exhaust system memory and processing capabilities, effectively disabling the security solution's ability to perform its intended protective functions.
The operational impact of this vulnerability extends beyond simple service disruption to potentially compromise the entire security infrastructure of affected systems. When the scanner engine enters an infinite loop, it can cause complete system unresponsiveness or require manual intervention to restart the security service. Organizations relying on these WithSecure products face significant risk of security gaps during the time when the system is unavailable, leaving endpoints vulnerable to actual threats while the protection mechanism fails. This vulnerability particularly affects enterprise environments where continuous security monitoring is critical, as the denial of service condition can go unnoticed until system administrators observe performance degradation or complete service outages.
Mitigation strategies for CVE-2024-27359 should prioritize immediate patch deployment from WithSecure, as the vendor has likely released security updates addressing the infinite loop condition in archive processing. Network administrators should implement monitoring solutions to detect unusual resource consumption patterns that may indicate the vulnerability's exploitation, particularly focusing on CPU and memory usage spikes during security scanning operations. Organizations should also consider implementing temporary network segmentation or isolation of affected systems until patches can be deployed, while maintaining detailed logging of security scan activities to identify potential exploitation attempts. The ATT&CK framework categorizes this vulnerability under the T1499.004 technique for network denial of service, where adversaries may leverage such weaknesses to disrupt security infrastructure. System administrators should also consider implementing additional input validation measures and limiting the types of archive files processed by the scanner engine to reduce attack surface while permanent patches are deployed.