CVE-2021-1405

Published on: 04/08/2021 12:00:00 AM UTC

Last Modified on: 04/14/2021 11:15:00 AM UTC

CVE-2021-1405 - advisory for https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Source: Mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

The following vulnerability was found:

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

  • CVE-2021-1405 has been assigned by [email protected] to track the vulnerability
  • Affected Vendor/Software: Cisco - ClamAV version <= 0.103.1

CVE References

Description Tags Link
[SECURITY] [DLA 2626-1] clamav security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20210414 [SECURITY] [DLA 2626-1] clamav security update
ClamAV® blog: ClamAV 0.103.2 security patch release blog.clamav.net
text/html
URL Logo CISCO blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Related QID Numbers

  • 174899 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1174-1)
  • 174903 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1190-1)
  • 174911 SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1189-1)

Known Affected Software

Vendor Product Version
Cisco ClamAV<= 0.103.1

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-1405 : A vulnerability in the PDF parsing module in Clam AntiVirus ClamAV Software versions 0.103.0 and… twitter.com/i/web/status/1… 2021-04-08 04:33:43