← Back

CVE-2019-15961

nvd nist
Published: Jan 15, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Affected (7)

Show all products
Clamav: Clamav · Cisco: Email Security Appliance Firmware · Canonical: Ubuntu Linux · Debian: Debian Linux
Clamav
1 product
Clamav
Cisco
1 product
Email Security Appliance Firmware
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Clamav
Clamav
Up to 0.101.4
Clamav
Version 0.102.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Email Security Appliance Firmware
Version 11.1.1-042
Email Security Appliance Firmware
Version 11.1.2-023
Configuration C
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Debian Linux
Version 8.0

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (10)

Source: psirt@cisco.com
ExploitIssue TrackingVendor Advisory
Source: psirt@cisco.com
Mailing ListThird Party Advisory
Source: psirt@cisco.com
Third Party Advisory
Source: psirt@cisco.com
Third Party Advisory
Source: psirt@cisco.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.