CVE-2019-15961

CWE-20 — Improper Input Validation CWE-400 — Uncontrolled Resource Consumption12 documents8 sources

Severity

6.5MEDIUM

EPSS

2.2%

top 15.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clamav Canonical Ubuntu Linux Cisco Email Security Appliance Firmware +1 more

Timeline

PublishedJan 15

Latest updateMay 24

Description

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDcisco/email_security_appliance_firmware11.1.1-042, 11.1.2-023+1

▶CVEListV5clamav/clamavunspecified — 0.101.4+1

▶Debianclamav< 0.102.1+dfsg-1+3

▶NVDclamav/clamav0.101.4+1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04

🔴Vulnerability Details

GHSA

GHSA-4w5h-pwr8-qh64: A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0↗2022-05-24

▶

CVEList

Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability↗2020-01-15

▶

OSV

CVE-2019-15961: A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0↗2020-01-15

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerability↗2020-01-23

▶

Microsoft

Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability↗2020-01-14

▶

Ubuntu

ClamAV vulnerability↗2020-01-08

▶

Debian

CVE-2019-15961: clamav - A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software ver...↗2019

▶

💬Community

Bugzilla

CVE-2019-19553 wireshark: CMS dissector crash (wnpa-sec-2019-22)↗2019-12-12

▶

Bugzilla

CVE-2019-15961 clamav: long scanning time of specially crafted email file leads to denial of service↗2019-12-02

▶

Bugzilla

CVE-2019-15961 clamav: long scanning time of specially crafted email file leads to denial of service [fedora-all]↗2019-12-02

▶

Bugzilla

CVE-2019-15961 clamav: long scanning time of specially crafted email file leads to denial of service [epel-all]↗2019-12-02

▶