CVE-2021-1405

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
Configurations

Configuration 1 (hide)

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

05 Aug 2022, 17:18

Type Values Removed Values Added
CWE CWE-120 CWE-909

03 Jun 2021, 19:09

Type Values Removed Values Added
References (GENTOO) https://security.gentoo.org/glsa/202104-07 - (GENTOO) https://security.gentoo.org/glsa/202104-07 - Third Party Advisory

Information

Published : 2021-04-08 05:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-1405

Mitre link : CVE-2021-1405

CVE.ORG link : CVE-2021-1405


JSON object : View

Products Affected

debian

  • debian_linux

clamav

  • clamav
CWE
CWE-909

Missing Initialization of Resource

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')