CVE-2021-25225
Trend Micro ServerProtect splx_schedule_scan Memory Exhaustion Denial-Of-Service Vulnerability
Public Exploits: 0
Descriptions
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Trend Micro ServerProtect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the splx_schedule_scan executable. The issue results from the lack of proper validation of user-supplied data, which can result in a memory exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Timeline
- 2021-01-15 CVE Reserved
- 2021-01-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-400: Uncontrolled Resource Consumption
References (2)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-21-086 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://success.trendmicro.com/solution/000284207 | 2021-02-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Trendmicro | Serverprotect | 3.0 | linux | Affected |