Vulnerability CVE-2019-15961


Published: 2020-01-15

Description:
A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times for specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Type:
CWE-400 (Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
Clamav -> Clamav 
Cisco -> Email security appliance firmware 

 References:
https://bugzilla.clamav.net/show_bug.cgi?id=12380
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010
https://usn.ubuntu.com/4230-2/

Copyright 2024, cxsecurity.com

 
