CVE-2019-15961

Exploit

EPSS 2.22%
Veröffentlicht 15.01.2020 19:15:13
Zuletzt bearbeitet 21.11.2024 04:29:49
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Clamav ≫ Clamav Version <= 0.101.4

Clamav ≫ Clamav Version0.102.0

Cisco ≫ Email Security Appliance Firmware Version11.1.1-042

Cisco ≫ Email Security Appliance Firmware Version11.1.2-023

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.22%	0.839

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	7.1	8.6	6.9	AV:N/AC:M/Au:N/C:N/I:N/A:C
psirt@cisco.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://bugzilla.clamav.net/show_bug.cgi?id=12380

Vendor Advisory

Exploit

Issue Tracking

https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

Third Party Advisory

Mailing List

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010

Third Party Advisory

https://security.gentoo.org/glsa/202003-46

Third Party Advisory

https://usn.ubuntu.com/4230-2/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-15961

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15961

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15961

EUVD