CVE-2021-27506

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.

Published: Mar 19, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-27506
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
netasq_project / netasq	9.1.0	9.1.11.x
clamav / clamav	-	0.103.1.x
stormshield / stormshield_network_security	1.0	4.2.0.x

https://advisories.stormshield.eu/2021-003/
https://blog.clamav.net/2021/02/clamav-01031-patch-release.html

Vulnerability Database

289,697

CVE-2021-27506