Vulnerability Description
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clamav | Clamav | <= 0.103.1 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.htmlRelease NotesVendor Advisory
- https://lists.debian.org/debian-lts-announce/2021/04/msg00012.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202104-07Third Party Advisory
- https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.htmlRelease NotesVendor Advisory
- https://lists.debian.org/debian-lts-announce/2021/04/msg00012.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202104-07Third Party Advisory
FAQ
What is CVE-2021-1405?
CVE-2021-1405 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service cond...
How severe is CVE-2021-1405?
CVE-2021-1405 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-1405?
Check the references section above for vendor advisories and patch information. Affected products include: Clamav Clamav, Debian Debian Linux.