CVE-2021-27223Anti-virus vulnerability

4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 67.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Kaspersky Anti-virusKaspersky Endpoint SecurityKaspersky Internet Security+3 more
Timeline
PublishedApr 1
Latest updateApr 3

Description

A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security. A local user could cause Windows crash by running a specially crafted binary module. The fix was delivered automatically. Credits: (Straghkov Denis, Kurmangaleev Shamil, Fedotov Andrey, Kuts Daniil, Mishechkin Maxim, Akolzin Vitaliy) @ ISPRAS

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

NVDkaspersky/anti-virus< 2021-06

🔴Vulnerability Details

2
GHSA
GHSA-7cc7-6j4x-2w54: A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security2022-04-03
CVEList
CVE-2021-27223: A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security2022-04-01

📋Vendor Advisories

1
Oracle
Oracle Oracle REST Data Services Risk Matrix: General (Eclipse Jetty) — CVE-2020-272232021-04-15
CVE-2021-27223 — Kaspersky Anti-virus vulnerability | cvebase