CVE-2021-27506

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Stormshield Network Security versions 1.0.0 through 4.2.0 Netasq versions 9.1.0 through 9.1.11

Description The issue affects the ClamAV Engine component, which can be subject to a Denial of Service (DoS) when parsing malformed png files, leading to the crash of the ClamAV service.

Recommendations For Stormshield Network Security versions 1.0.0 through 4.2.0, update to version 3.7.19, 3.11.7, or 4.2.1 to resolve the issue. For Netasq versions 9.1.0 through 9.1.11, consider disabling the ClamAV Engine component until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2021-1627

ALT-PU-2021-1635

ALT-PU-2022-1152

CVE-2021-27506

OESA-2021-1187

Affected Products

Alt Linux

Netasq

Stormshield Network Security

CVE-2021-27506

Related Identifiers

Affected Products

References · 11