CVE-2021-25224

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 78.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Serverprotect FOR Linux Trendmicro Serverprotect

Timeline

PublishedJan 27

Latest updateMay 24

Description

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5trend_micro/trend_micro_serverprotect_for_linux3.0

▶NVDtrendmicro/serverprotect3.0

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-h4xp-qh97-9m3x: A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3↗2022-05-24

▶

CVEList

CVE-2021-25224: A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3↗2021-01-27

▶