CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-1252

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 7.8

References

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

Products affected by CVE-2021-1252

Clamav » Clamav » Version: 0.103.0

cpe:2.3:a:clamav:clamav:0.103.0
Clamav » Clamav » Version: 0.103.1

cpe:2.3:a:clamav:clamav:0.103.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-1252

Products

Pricing

Contact Us