7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
59.4%
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus
(ClamAV) Software versions 0.103.0 and 0.103.1 could allow an
unauthenticated, remote attacker to cause a denial of service condition on
an affected device. The vulnerability is due to improper error handling
that may result in an infinite loop. An attacker could exploit this
vulnerability by sending a crafted Excel file to an affected device. An
exploit could allow the attacker to cause the ClamAV scanning process hang,
resulting in a denial of service condition.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | clamav | < 0.103.2+dfsg-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | clamav | < 0.103.2+dfsg-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | clamav | < 0.103.2+dfsg-0ubuntu0.20.10.1 | UNKNOWN |
ubuntu | 14.04 | noarch | clamav | < 0.103.2+dfsg-0ubuntu0.14.04.1+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 16.04 | noarch | clamav | < 0.103.2+dfsg-0ubuntu0.16.04.1 | UNKNOWN |
blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
launchpad.net/bugs/cve/CVE-2021-1252
nvd.nist.gov/vuln/detail/CVE-2021-1252
security-tracker.debian.org/tracker/CVE-2021-1252
ubuntu.com/security/notices/USN-4918-1
ubuntu.com/security/notices/USN-4918-2
ubuntu.com/security/notices/USN-4918-3
www.cve.org/CVERecord?id=CVE-2021-1252
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
59.4%