{"api_version":"1","generated_at":"2026-04-23T04:11:31+00:00","cve":"CVE-2021-1252","urls":{"html":"https://cve.report/CVE-2021-1252","api":"https://cve.report/api/cve/CVE-2021-1252.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-1252","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-1252"},"summary":{"title":"CVE-2021-1252","description":"A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.","state":"PUBLIC","assigner":"psirt@cisco.com","published_at":"2021-04-08 05:15:00","updated_at":"2022-08-05 17:18:00"},"problem_types":["CWE-835"],"metrics":[],"references":[{"url":"https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html","name":"https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html","refsource":"CISCO","tags":[],"title":"ClamAV® blog: ClamAV 0.103.2 security patch release","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-1252","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-1252","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"1252","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"0.103.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1252","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"0.103.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-1252","qid":"174899","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1174-1)"},{"cve":"CVE-2021-1252","qid":"174903","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1190-1)"},{"cve":"CVE-2021-1252","qid":"174911","title":"SUSE Enterprise Linux Security Update for clamav (SUSE-SU-2021:1189-1)"},{"cve":"CVE-2021-1252","qid":"180084","title":"Debian Security Update for clamav (CVE-2021-1252)"},{"cve":"CVE-2021-1252","qid":"198334","title":"Ubuntu Security Notification for ClamAV vulnerabilities (USN-4918-1)"},{"cve":"CVE-2021-1252","qid":"375524","title":"ClamAV Multiple Vulnerability"},{"cve":"CVE-2021-1252","qid":"500100","title":"Alpine Linux Security Update for clamav"},{"cve":"CVE-2021-1252","qid":"503825","title":"Alpine Linux Security Update for clamav"},{"cve":"CVE-2021-1252","qid":"690182","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for clamav (9ae2c00f-97d0-11eb-8cd6-080027f515ea)"},{"cve":"CVE-2021-1252","qid":"750265","title":"OpenSUSE Security Update for clamav (openSUSE-SU-2021:0555-1)"},{"cve":"CVE-2021-1252","qid":"900102","title":"CBL-Mariner Linux Security Update for clamav 0.103.0"},{"cve":"CVE-2021-1252","qid":"903057","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for clamav (4060)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","DATE_PUBLIC":"2021-04-08T12:08:00.000Z","ID":"CVE-2021-1252","STATE":"PUBLIC","TITLE":"Clam AntiVirus (ClamAV) Excel XLM Parser Denial of Service Vulnerability"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ClamAV","version":{"version_data":[{"version_affected":"=","version_value":"0.103.0"},{"version_affected":"=","version_value":"0.103.1"}]}}]},"vendor_name":"Cisco"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html","refsource":"CISCO","url":"https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html"}]},"source":{"advisory":"https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2021-04-08 05:15:00","lastModifiedDate":"2022-08-05 17:18:00","problem_types":["CWE-835"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE","baseScore":7.8},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:0.103.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:0.103.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"1252","Ordinal":"191325","Title":"CVE-2021-1252","CVE":"CVE-2021-1252","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"1252","Ordinal":"1","NoteData":"A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"1252","Ordinal":"2","NoteData":"2021-04-08","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"1252","Ordinal":"3","NoteData":"2021-04-08","Type":"Other","Title":"Modified"}]}}}