Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2019-12420

Published: 12/12/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Apache

Vulnerability Summary

In Apache SpamAssassin prior to 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache spamassassin

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

Vendor Advisories

Debian CVElist Bug Report Logs: spamassassin: CVE-2019-12420: specially crafted messages can exhaust system resources resulting in a denial of service
Debian Bug report logs - #946653 spamassassin: CVE-2019-12420: specially crafted messages can exhaust system resources resulting in a denial of service Package: spamassassin; Maintainer for spamassassin is Noah Meyerhans <noahm@debianorg>; Source for spamassassin is src:spamassassin (PTS, buildd, popcon) Reported by: Noah M ...
Red Hat: Moderate: spamassassin security update
Synopsis Moderate: spamassassin security update Type/Severity Security Advisory: Moderate Topic An update for spamassassin is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Moderate: spamassassin security update
Übersicht Moderate: spamassassin security update Typ/Schweregrad Security Advisory: Moderate Thema An update for spamassassin is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) ...
Ubuntu Security Notice: spamassassin vulnerabilities
Several security issues were fixed in SpamAssassin ...
Ubuntu Security Notice: spamassassin vulnerabilities
Several security issues were fixed in SpamAssassin ...
Debian Security Advisories: DSA-4584-1 spamassassin -- security update
Two vulnerabilities were discovered in spamassassin, a Perl-based spam filter using text analysis CVE-2018-11805 Malicious rule or configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios CVE-2019-12420 Specially crafted mulitpart messages can cause spamassassin to ...
Amazon Linux 2: ALAS2-2020-1545
In Apache SpamAssassin before 343, a message can be crafted in a way to use excessive resources Upgrading to SA 343 as soon as possible is the recommended fix but details will not be shared publicly (CVE-2019-12420) ...
Amazon Linux AMI: ALAS-2020-1341
In Apache SpamAssassin before 343, a message can be crafted in a way to use excessive resources Upgrading to SA 343 as soon as possible is the recommended fix but details will not be shared publicly (CVE-2019-12420) In Apache SpamAssassin before 343, nefarious CF files can be configured to run system commands without any output or errors W ...
Arch Linux Issues:
An excessive resource-consumption vulnerability where a message can be crafted in a way to use excessive resources ...

Mailing Lists

Full Disclosure: Apache SpamAssassin v3.4.3 released with fix for CVE-2019-12420
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Apache SpamAssassin v343 released with fix for CVE-2019-12420 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: " ...

References

CWE-400https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txthttp://www.openwall.com/lists/oss-security/2019/12/12/2https://www.debian.org/security/2019/dsa-4584https://seclists.org/bugtraq/2019/Dec/27https://lists.debian.org/debian-lts-announce/2019/12/msg00019.htmlhttps://usn.ubuntu.com/4237-1/https://usn.ubuntu.com/4237-2/https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3Ehttps://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3Ehttps://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3Ehttps://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3Ehttps://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946653https://usn.ubuntu.com/4237-2/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook