CVE-2021-25252

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Published: Mar 3, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-25252
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
trendmicro / apex_central	2019	2019.x
trendmicro / apex_one	2019	2019.x
trendmicro / cloud_edge	5.0	5.0.x
trendmicro / deep_security	20.0	20.0.x
trendmicro / deep_security	11.0	11.0.x
trendmicro / deep_security	12.0	12.0.x
trendmicro / deep_security	10.0	10.0.x
trendmicro / control_manager	7.0	7.0.x
trendmicro / deep_discovery_analyzer	5.1	5.1.x
trendmicro / deep_discovery_email_inspector	2.5	2.5.x
trendmicro / deep_discovery_inspector	3.8	3.8.x
trendmicro / interscan_messaging_security_virtual_appliance	9.1	9.1.x
trendmicro / interscan_web_security_virtual_appliance	6.5	6.5.x
trendmicro / portal_protect	2.6	2.6.x
trendmicro / scanmail	14.0	14.0.x
trendmicro / scanmail_for_ibm_domino	5.8	5.8.x
trendmicro / serverprotect_for_storage	6.0	6.0.x
trendmicro / serverprotect	5.8	5.8.x
trendmicro / serverprotect_for_network_appliance_filers	5.8	5.8.x
trendmicro / safe_lock	1.1	1.1.x
trendmicro / worry-free_business_security	10.1	10.1.x

https://success.trendmicro.com/solution/000285675

Vulnerability Database

289,697

CVE-2021-25252