Denial of Service Vulnerability in Storsmshield Network Security Using ClamAV
CVE-2021-27506

5.5MEDIUM

Key Information:

Vendor: Stormshield
Status: Network Security; Netasq
Vendor: CVE Published:; 19 March 2021

🔔 Create Stormshield Vulnerability Alert

What is CVE-2021-27506?

The ClamAV Engine, when embedded in Storsmshield Network Security, is vulnerable to a Denial of Service (DoS) attack due to improper handling of malformed PNG files. This vulnerability impacts various versions of Storsmshield Network Security and the accompanying Netasq products. Successful exploitation may lead to service disruptions, affecting the availability and reliability of the affected systems. The issue has been addressed in security patches in versions 3.7.19, 3.11.7, and 4.2.1 of SNS.

References

https://advisories.stormshield.eu/2021-003/

x_refsource_CONFIRM

https://blog.clamav.net/2021/02/clamav-01031-patch-releas...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2021
Vulnerability Reserved
Feb 19, 2021

CVE-2021-27506 Data

JSON