← Back

CVE-2021-25252

nvd nist
Published: Mar 3, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.

Affected (23)

Trendmicro
19 products
Apex Central
Apex One
Cloud Edge
Deep Security
Control Manager
Deep Discovery Analyzer
Deep Discovery Email Inspector
Deep Discovery Inspector
Interscan Messaging Security Virtual Appliance
Interscan Web Security Virtual Appliance
Officescan
Portal Protect
Scanmail
Scanmail For Ibm Domino
Serverprotect For Storage
Serverprotect
Serverprotect For Network Appliance Filers
Safe Lock
Worry Free Business Security
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Apex Central
Version 2019
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Apex One
Version 2019
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Cloud Edge
Version 5.0
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Apex One
All versions
Running on/withPlatform Versions
Apple
Macos
All versions
Configuration E
4 vulnerable
Vulnerable SoftwareAffected Versions
Trendmicro
Deep Security
Version 10.0
Deep Security
Version 11.0
Deep Security
Version 12.0
Deep Security
Version 20.0
Configuration F
1 vulnerable
Vulnerable SoftwareAffected Versions
Control Manager
Version 7.0
Configuration G
1 vulnerable
Vulnerable SoftwareAffected Versions
Deep Discovery Analyzer
Version 5.1
Configuration H
1 vulnerable
Vulnerable SoftwareAffected Versions
Deep Discovery Email Inspector
Version 2.5
Configuration I
1 vulnerable
Vulnerable SoftwareAffected Versions
Deep Discovery Inspector
Version 3.8
Configuration J
1 vulnerable
Vulnerable SoftwareAffected Versions
Interscan Messaging Security Virtual Appliance
Version 9.1
Configuration K
1 vulnerable
Vulnerable SoftwareAffected Versions
Interscan Web Security Virtual Appliance
Version 6.5
Configuration L
1 vulnerable
Vulnerable SoftwareAffected Versions
Officescan
All versions
Configuration M
1 vulnerable
Vulnerable SoftwareAffected Versions
Portal Protect
Version 2.6
Configuration N
1 vulnerable
Vulnerable SoftwareAffected Versions
Scanmail
Version 14.0
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Scanmail For Ibm Domino
Version 5.8
Running on/withPlatform Versions
Linux
Linux Kernel
All versions
Configuration P
1 vulnerable
Vulnerable SoftwareAffected Versions
Serverprotect For Storage
Version 6.0
Configuration Q
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Serverprotect
Version 5.8
Running on/withPlatform Versions
Emc
Celerra Network Attached Storage
All versions
Novell
Netware
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Serverprotect For Network Appliance Filers
Version 5.8
Running on/withPlatform Versions
Netapp
Cluster Data Ontap
All versions
Configuration S
1 vulnerable
Vulnerable SoftwareAffected Versions
Safe Lock
Version 1.1
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Worry Free Business Security
Version 10.1
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: security@trendmicro.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.