CVE-2021-1405

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

References

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html

https://security.gentoo.org/glsa/202104-07

Details

Source: MITRE

Published: 2021-04-08

Updated: 2021-06-03

Type: CWE-120

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* versions up to 0.103.1 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
150524SUSE SLES11 Security Update : clamav (SUSE-SU-2021:14692-1)NessusSuSE Local Security Checks
high
149215GLSA-202104-07 : ClamAV: Denial of serviceNessusGentoo Local Security Checks
high
148819Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : ClamAV vulnerabilities (USN-4918-1)NessusUbuntu Local Security Checks
high
148699openSUSE Security Update : clamav (openSUSE-2021-555)NessusSuSE Local Security Checks
high
148639SUSE SLES12 Security Update : clamav (SUSE-SU-2021:1189-1)NessusSuSE Local Security Checks
high
148636SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2021:1190-1)NessusSuSE Local Security Checks
high
148623Debian DLA-2626-1 : clamav security updateNessusDebian Local Security Checks
high
148528SUSE SLES12 Security Update : clamav (SUSE-SU-2021:1174-1)NessusSuSE Local Security Checks
high
148516FreeBSD : clamav -- Multiple vulnerabilites (9ae2c00f-97d0-11eb-8cd6-080027f515ea)NessusFreeBSD Local Security Checks
high