CVE-2021-25252

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 61.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Trend Micro Virus Scan API (vsapi) Engine Trendmicro Apex Central Trendmicro Apex ONE +16 more

Timeline

PublishedMar 3

Latest updateMay 24

Description

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages16 packages

▶CVEListV5trend_micro/trend_micro_virus_scan_api_(vsapi)_engine12.0

▶NVDtrendmicro/scanmail14.0, 5.8+1

▶NVDtrendmicro/interscan_web_security_virtual_appliance6.5

▶NVDtrendmicro/interscan_messaging_security_virtual_appliance9.1

▶NVDtrendmicro/apex_one2019

Patches

Patch: success.trendmicro.com ↗Patch: success.trendmicro.com ↗

🔴Vulnerability Details

GHSA

GHSA-f392-jc49-593j: Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to den↗2022-05-24

▶

CVEList

CVE-2021-25252: Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to den↗2021-03-03

▶