CVE-2021-1405

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/14/2021 11:15:00 AM UTC

CVE-2021-1405 - advisory for https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Source: Mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The following vulnerability was found:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

  • CVE-2021-1405 has been assigned by [email protected] to track the vulnerability
  • Affected Vendor/Software: Cisco - ClamAV version <= 0.103.1

CVE References

Description Tags Link
[SECURITY] [DLA 2626-1] clamav security update lists.debian.org
text/html
 URL Logo MLIST [debian-lts-announce] 20210414 [SECURITY] [DLA 2626-1] clamav security update
ClamAV® blog: ClamAV 0.103.2 security patch release blog.clamav.net
text/html
 URL Logo CISCO blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 174899 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1174-1)
  • 174903 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1190-1)
  • 174911 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1189-1)

Known Affected Software

Vendor Product Version
Cisco ClamAV<= 0.103.1

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-1405 : A vulnerability in the PDF parsing module in Clam AntiVirus ClamAV Software versions 0.103.0 and… twitter.com/i/web/status/1… 2021-04-08 04:33:43