cnvd - cnvd-2021-28300

cnvd-2021-28300

Vulnerability from cnvd

Title: Clam AntiVirus无限循环漏洞

Description:

Clam AntiVirus（ClamAV）是一个类UNIX系统上使用的反病毒软件包。主要应用于邮件服务器，采用多线程后台操作，可以自动升级病毒库。

Clam AntiVirus 0.103.0、0.103.1版中的Excel XLM宏分析模块存在无限循环漏洞。该漏洞源于错误处理不当。攻击者可通过将特制Excel文件发送到受影响的设备利用该漏洞导致ClamAV扫描进程崩溃，从而可导致拒绝服务。

Severity: 高

Patch Name: Clam AntiVirus无限循环漏洞的补丁

Patch Description:

Clam AntiVirus（ClamAV）是一个类UNIX系统上使用的反病毒软件包。主要应用于邮件服务器，采用多线程后台操作，可以自动升级病毒库。

Clam AntiVirus 0.103.0、0.103.1版中的Excel XLM宏分析模块存在无限循环漏洞。该漏洞源于错误处理不当。攻击者可通过将特制Excel文件发送到受影响的设备利用该漏洞导致ClamAV扫描进程崩溃，从而可导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-1252

Impacted products

Name
['ClamAV Clamav 0.103.0', 'ClamAV Clamav 0.103.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-1252",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-1252"
    }
  },
  "description": "Clam AntiVirus\uff08ClamAV\uff09\u662f\u4e00\u4e2a\u7c7bUNIX\u7cfb\u7edf\u4e0a\u4f7f\u7528\u7684\u53cd\u75c5\u6bd2\u8f6f\u4ef6\u5305\u3002\u4e3b\u8981\u5e94\u7528\u4e8e\u90ae\u4ef6\u670d\u52a1\u5668\uff0c\u91c7\u7528\u591a\u7ebf\u7a0b\u540e\u53f0\u64cd\u4f5c\uff0c\u53ef\u4ee5\u81ea\u52a8\u5347\u7ea7\u75c5\u6bd2\u5e93\u3002\n\nClam AntiVirus 0.103.0\u30010.103.1\u7248\u4e2d\u7684Excel XLM\u5b8f\u5206\u6790\u6a21\u5757\u5b58\u5728\u65e0\u9650\u5faa\u73af\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u7279\u5236Excel\u6587\u4ef6\u53d1\u9001\u5230\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4ClamAV\u626b\u63cf\u8fdb\u7a0b\u5d29\u6e83\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-28300",
  "openTime": "2021-04-15",
  "patchDescription": "Clam AntiVirus\uff08ClamAV\uff09\u662f\u4e00\u4e2a\u7c7bUNIX\u7cfb\u7edf\u4e0a\u4f7f\u7528\u7684\u53cd\u75c5\u6bd2\u8f6f\u4ef6\u5305\u3002\u4e3b\u8981\u5e94\u7528\u4e8e\u90ae\u4ef6\u670d\u52a1\u5668\uff0c\u91c7\u7528\u591a\u7ebf\u7a0b\u540e\u53f0\u64cd\u4f5c\uff0c\u53ef\u4ee5\u81ea\u52a8\u5347\u7ea7\u75c5\u6bd2\u5e93\u3002\r\n\r\nClam AntiVirus 0.103.0\u30010.103.1\u7248\u4e2d\u7684Excel XLM\u5b8f\u5206\u6790\u6a21\u5757\u5b58\u5728\u65e0\u9650\u5faa\u73af\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u9519\u8bef\u5904\u7406\u4e0d\u5f53\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u7279\u5236Excel\u6587\u4ef6\u53d1\u9001\u5230\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4ClamAV\u626b\u63cf\u8fdb\u7a0b\u5d29\u6e83\uff0c\u4ece\u800c\u53ef\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Clam AntiVirus\u65e0\u9650\u5faa\u73af\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "ClamAV Clamav 0.103.0",
      "ClamAV Clamav 0.103.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-1252",
  "serverity": "\u9ad8",
  "submitTime": "2021-04-09",
  "title": "Clam AntiVirus\u65e0\u9650\u5faa\u73af\u6f0f\u6d1e"
}

CVE-2021-1252 (GCVE-0-2021-1252)

Vulnerability from cvelistv5

Published

2021-04-08 04:25

Modified

2024-11-08 23:25

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Summary

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

References

▼	URL	Tags
	https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	ClamAV	Version: 0.103.0 Version: 0.103.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:02:56.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1252",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T20:02:36.719227Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T23:25:50.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ClamAV",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "0.103.0"
            },
            {
              "status": "affected",
              "version": "0.103.1"
            }
          ]
        }
      ],
      "datePublic": "2021-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-08T04:25:10",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html"
        }
      ],
      "source": {
        "advisory": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html",
        "discovery": "UNKNOWN"
      },
      "title": "Clam AntiVirus (ClamAV) Excel XLM Parser Denial of Service Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-04-08T12:08:00.000Z",
          "ID": "CVE-2021-1252",
          "STATE": "PUBLIC",
          "TITLE": "Clam AntiVirus (ClamAV) Excel XLM Parser Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ClamAV",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "0.103.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "0.103.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html",
              "refsource": "CISCO",
              "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html"
            }
          ]
        },
        "source": {
          "advisory": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1252",
    "datePublished": "2021-04-08T04:25:10.891603Z",
    "dateReserved": "2020-11-13T00:00:00",
    "dateUpdated": "2024-11-08T23:25:50.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted