Vulnerability Description
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netasq Project | Netasq | >= 9.1.0, <= 9.1.11 |
| Stormshield | Stormshield Network Security | >= 1.0, <= 4.2.0 |
| Clamav | Clamav | <= 0.103.1 |
References
- https://advisories.stormshield.eu/2021-003/Broken LinkVendor Advisory
- https://blog.clamav.net/2021/02/clamav-01031-patch-release.htmlVendor Advisory
- https://advisories.stormshield.eu/2021-003/Broken LinkVendor Advisory
- https://blog.clamav.net/2021/02/clamav-01031-patch-release.htmlVendor Advisory
FAQ
What is CVE-2021-27506?
CVE-2021-27506 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 t...
How severe is CVE-2021-27506?
CVE-2021-27506 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27506?
Check the references section above for vendor advisories and patch information. Affected products include: Netasq Project Netasq, Stormshield Stormshield Network Security, Clamav Clamav.