CVE-2021-27506

EUVD-2021-14260
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
netasq_projectnetasq
9.1.0 ≤
𝑥
≤ 9.1.11
stormshieldstormshield_network_security
1.0 ≤
𝑥
≤ 4.2.0
clamavclamav
𝑥
≤ 0.103.1
𝑥
= Vulnerable software versions
References
https://advisories.stormshield.eu/2021-003/
https://blog.clamav.net/2021/02/clamav-01031-patch-release.html
https://advisories.stormshield.eu/2021-003/
https://blog.clamav.net/2021/02/clamav-01031-patch-release.html