{"api_version":"1","generated_at":"2026-04-23T04:12:04+00:00","cve":"CVE-2021-27506","urls":{"html":"https://cve.report/CVE-2021-27506","api":"https://cve.report/api/cve/CVE-2021-27506.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-27506","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-27506"},"summary":{"title":"CVE-2021-27506","description":"The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-03-19 15:15:00","updated_at":"2022-07-01 12:02:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://blog.clamav.net/2021/02/clamav-01031-patch-release.html","name":"https://blog.clamav.net/2021/02/clamav-01031-patch-release.html","refsource":"MISC","tags":[],"title":"ClamAV® blog: ClamAV 0.103.1 patch release","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://advisories.stormshield.eu/2021-003/","name":"https://advisories.stormshield.eu/2021-003/","refsource":"CONFIRM","tags":[],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-27506","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27506","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"27506","vulnerable":"1","versionEndIncluding":"0.103.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clamav","cpe5":"clamav","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"27506","vulnerable":"1","versionEndIncluding":"9.1.11","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"netasq_project","cpe5":"netasq","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"27506","vulnerable":"1","versionEndIncluding":"4.2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"stormshield","cpe5":"network_security","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-27506","qid":"900102","title":"CBL-Mariner Linux Security Update for clamav 0.103.0"},{"cve":"CVE-2021-27506","qid":"903604","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for clamav (3985)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2021-27506","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://advisories.stormshield.eu/2021-003/","url":"https://advisories.stormshield.eu/2021-003/"},{"refsource":"MISC","name":"https://blog.clamav.net/2021/02/clamav-01031-patch-release.html","url":"https://blog.clamav.net/2021/02/clamav-01031-patch-release.html"}]}},"nvd":{"publishedDate":"2021-03-19 15:15:00","lastModifiedDate":"2022-07-01 12:02:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:stormshield:network_security:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0","versionEndIncluding":"4.2.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:netasq_project:netasq:*:*:*:*:*:*:*:*","versionStartIncluding":"9.1.0","versionEndIncluding":"9.1.11","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*","versionEndIncluding":"0.103.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"27506","Ordinal":"202612","Title":"CVE-2021-27506","CVE":"CVE-2021-27506","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"27506","Ordinal":"1","NoteData":"The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"27506","Ordinal":"2","NoteData":"2021-03-19","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"27506","Ordinal":"3","NoteData":"2021-04-12","Type":"Other","Title":"Modified"}]}}}