Vulnerabilites related to netasq_project - netasq
Vulnerability from fkie_nvd
Published
2021-03-19 15:15
Modified
2024-11-21 05:58
Severity ?
Summary
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://advisories.stormshield.eu/2021-003/ | Broken Link, Vendor Advisory | |
| cve@mitre.org | https://blog.clamav.net/2021/02/clamav-01031-patch-release.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://advisories.stormshield.eu/2021-003/ | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.clamav.net/2021/02/clamav-01031-patch-release.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| netasq_project | netasq | * | |
| stormshield | stormshield_network_security | * | |
| clamav | clamav | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netasq_project:netasq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9706560E-DD3E-45D1-895C-5EE59C7DFB3C",
"versionEndIncluding": "9.1.11",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:stormshield:stormshield_network_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20C1A2CD-7802-4497-B87D-8D49506B7BCB",
"versionEndIncluding": "4.2.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22A4DD0B-BD39-4BC7-BB23-114AFC9C2FAD",
"versionEndIncluding": "0.103.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1."
},
{
"lang": "es",
"value": "El componente ClamAV Engine (versi\u00f3n 0.103.1 e inferior) incrustado en Storsmshield Network Security (SNS) est\u00e1 sujeto a DoS en caso de analizar archivos png malformados. Esto afecta a las versiones 9.1.0 a 9.1.11 de Netasq y a las versiones 1.0.0 a 4.2.0 de SNS. Este problema se ha solucionado en SNS versiones 3.7.19, 3.11.7 y 4.2.1."
}
],
"id": "CVE-2021-27506",
"lastModified": "2024-11-21T05:58:07.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-19T15:15:12.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://advisories.stormshield.eu/2021-003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "https://advisories.stormshield.eu/2021-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-27506 (GCVE-0-2021-27506)
Vulnerability from cvelistv5
Published
2021-03-19 14:28
Modified
2024-08-03 21:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.160Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://advisories.stormshield.eu/2021-003/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-12T15:27:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://advisories.stormshield.eu/2021-003/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisories.stormshield.eu/2021-003/",
"refsource": "CONFIRM",
"url": "https://advisories.stormshield.eu/2021-003/"
},
{
"name": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html",
"refsource": "MISC",
"url": "https://blog.clamav.net/2021/02/clamav-01031-patch-release.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27506",
"datePublished": "2021-03-19T14:28:20",
"dateReserved": "2021-02-19T00:00:00",
"dateUpdated": "2024-08-03T21:26:09.160Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}