CVE-2021-27506

{"id": "CVE-2021-27506", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-03-19T15:15:12.650", "references": [{"url": "https://advisories.stormshield.eu/2021-003/", "tags": ["Broken Link", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://advisories.stormshield.eu/2021-003/", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1."}, {"lang": "es", "value": "El componente ClamAV Engine (versi\u00f3n 0.103.1 e inferior) incrustado en Storsmshield Network Security (SNS) est\u00e1 sujeto a DoS en caso de analizar archivos png malformados. Esto afecta a las versiones 9.1.0 a 9.1.11 de Netasq y a las versiones 1.0.0 a 4.2.0 de SNS. Este problema se ha solucionado en SNS versiones 3.7.19, 3.11.7 y 4.2.1."}], "lastModified": "2024-11-21T05:58:07.733", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netasq_project:netasq:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9706560E-DD3E-45D1-895C-5EE59C7DFB3C", "versionEndIncluding": "9.1.11", "versionStartIncluding": "9.1.0"}, {"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20C1A2CD-7802-4497-B87D-8D49506B7BCB", "versionEndIncluding": "4.2.0", "versionStartIncluding": "1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22A4DD0B-BD39-4BC7-BB23-114AFC9C2FAD", "versionEndIncluding": "0.103.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}