CVE-2021-27506Clamav vulnerability

4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 49.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ClamavNetasq Project NetasqStormshield Network Security
Timeline
PublishedMar 19
Latest updateMay 24

Description

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDclamav/clamav0.103.1
NVDnetasq_project/netasq9.1.09.1.11

🔴Vulnerability Details

2
GHSA
GHSA-rfvf-cm38-cvx4: In Stormshield Network Security (SNS) 12022-05-24
CVEList
CVE-2021-27506: The ClamAV Engine (version 02021-03-19

📋Vendor Advisories

1
Microsoft
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 t2021-03-09
CVE-2021-27506 — Clamav vulnerability | cvebase