vulnerability

Gentoo Linux: CVE-2021-1405: ClamAV: Denial of service

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	04/08/2021	05/03/2021	05/28/2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

04/08/2021

Added

05/03/2021

Modified

05/28/2021

Description

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Solution

gentoo-linux-upgrade-app-antivirus-clamav

References

CVE-2021-1405
https://attackerkb.com/topics/CVE-2021-1405
GENTOO-202104-07

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today