CVE-2024-45520
📋 TL;DR
CVE-2024-45520 is a memory corruption vulnerability in WithSecure Atlant (formerly F-Secure Atlant) that allows remote attackers to cause denial of service by sending specially crafted PE32 files. Organizations using Atlant for file scanning are affected, particularly those processing untrusted files.
💻 Affected Systems
- WithSecure Atlant (formerly F-Secure Atlant)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of Atlant scanning functionality, potentially affecting dependent security workflows and causing system instability.
Likely Case
Scanning service crashes when processing malicious PE32 files, requiring service restart and causing temporary scanning downtime.
If Mitigated
Limited impact with proper network segmentation and file input validation, though scanning interruptions may still occur.
🎯 Exploit Status
Exploitation requires delivering a specially crafted PE32 file to the scanning service. No authentication bypass needed if scanning service accepts external files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to version beyond 1.0.35-1 (check vendor advisory for specific fixed version)
Vendor Advisory: https://www.withsecure.com/en/support/security-advisories/cve-2024-45520
Restart Required: No
Instructions:
1. Check current Atlant version. 2. Download latest version from WithSecure. 3. Follow vendor upgrade instructions. 4. Verify successful update.
🔧 Temporary Workarounds
Temporary PE32 scanning restriction
allConfigure Atlant to skip or quarantine PE32 files temporarily until patched
# Configure in Atlant management interface or configuration files per vendor documentation
🧯 If You Can't Patch
- Implement strict file upload controls and validation before files reach Atlant scanning
- Isolate Atlant scanning service in segmented network with limited exposure
🔍 How to Verify
Check if Vulnerable:
Check Atlant version via management interface or command: atlant --versionCheck Version:
atlant --versionVerify Fix Applied:
Confirm version is updated beyond 1.0.35-1 and test scanning functionality with known safe PE32 files📡 Detection & Monitoring
Log Indicators:
- Atlant service crashes
- Memory access violation errors in logs
- Scanning process termination
Network Indicators:
- Unusual PE32 file submissions to scanning service
- Repeated scanning failures
SIEM Query:
source="atlant" AND ("crash" OR "memory" OR "corruption" OR "segmentation fault")