ClamAV DoS vulnerability

Advisory ID CVE Number Date discovered Severity Advisory revision
STORM-2021-003 CVE-2021-27506 02/03/2021 medium v4

Vulnerability details

ClamAV crash caused by malformed file parsing

Impacted products

ProductsSeverityDetail
Stormshield Network Security medium SNS is impacted
Netasq medium Netasq is impacted

Revisions

Version Date Description
v1 03/18/2021 Initial release
v2 03/22/2021 Vulnerability precision
v3 04/06/2021 Update fix version
v4 05/27/2021 Update fix version
v5 10/11/2021 Typo fix version

 



Stormshield Network Security

CVSS v3.1 Overall Score: 5.8      

Analysis

Impacted version

The parsing of some malformed files can lead to the crash of ClamAV service. ClamAV released a signature on their database to prevent this vulnerability to happen.

SNS is not vulnerable if Clamav is not used or the last update of the Clamav database is after 3 February

  • SNS 1.0.0 to SNS 2.7.8
  • SNS 2.8.0 to 2.16.0
  • SNS 3.0.0 to 3.7.18
  • SNS 3.8.0 to 3.11.6
  • SNS 4.0.0 to 4.1.5

Workaround solution

Solution

Update your ClamAV database in order to prevent the vulnerability to be triggered.

The vulnerability is fixed in versions:

  • 3.7.19
  • 3.11.7
  • 4.1.6
  • 4.2.1


Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network Low None None Changed None None Low
CVSS Base score: 5.8 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.1 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 5.8 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)


Netasq

CVSS v3.1 Overall Score: 5.8      

Analysis

Impacted version

The parsing of some malformed files can lead to the crash of ClamAV service. ClamAV released a signature on their database to prevent this vulnerability to happen.

Netasq is not vulnerable if Clamav is not used or the last update of the Clamav database is after 3 February

  • Netasq 9.1.0 to 9.1.11

Workaround solution

Solution

Update your ClamAV database in order to prevent the vulnerability to be triggered.

No solution



Attack Vector Attack Complexity Privileges Required User Interaction Scope Confidentiality Impact Integrity Impact Availability impact
Network Low None None Changed None None Low
CVSS Base score: 5.8 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)
Exploit Code Maturity Remediation Level Report Confidence
Unproven that exploit exists Official fix Confirmed
CVSS Temporal score: 5.1 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C)
Confidentiality Requirement Integrity Requirement Availability Requirement
High High High
CVSS Environmental score: 5.8 CVSS Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X)