JVNVU#93009588
Memory Exhaustion Denial-of-Service (DoS) vulnerability in Trend Micro Scan Engine
Overview
Virus Scan API (VSAPI) or Advanced Threat Scan Engine (ATSE) provided by Trend Micro Incorporated contain a denial-of-service (DoS) vulnerability due to its uncontrolled memory consumption issue.
Products Affected
- Applications that include the Virus Scan API (VSAPI) or Advanced Threat Scan Engine (ATSE)
Description
Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) provided by Trend Micro Incorporated allows an attacker to cause uncontrolled memory consumption (CWE-400) by placing a specially crafted file into the system. This issue potentially leads to disabling of the scanning functionality within the application.
Impact
When a specially crafted file is placed into the system by an attacker with permission to save files on the computer where an application that includes Trend Micro Scan Engine is running, the application's scanning functionality may be disabled due to a memory exhaustion.
Solution
Apply the update or the patch
Apply the appropriate update or the patch according to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2021-25224 |
|
CVE-2021-25225 |
|
|
CVE-2021-25226 |
|
|
CVE-2021-25227 |
|
|
CVE-2021-25252 |
|
| JVN iPedia |
|