CVE-2019-15961

Published: 15/01/2020 Updated: 19/10/2022
CVSS v2 Base Score: 7.1 | Impact Score: 6.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 632
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote malicious user to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the malicious user to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Vulnerable Product

clamav clamav

clamav clamav 0.102.0

cisco email security appliance firmware 11.1.2-023

cisco email security appliance firmware 11.1.1-042

debian debian linux 8.0

canonical ubuntu linux 14.04

canonical ubuntu linux 12.04

Vendor Advisories

Debian Bug report logs - #945265: new upstream version 0.102.1 to fix CVE-2019-15961. Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>; Source for clamav is src:clamav. Reported by: Harald Dunkel <harald.dunkel@aixigo.com>; Date: Fri, 22 Nov 2019 07:42 ...
ClamAV could be made to crash if it opened a specially crafted file ...
A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted e ...