CVE-2019-15961

medium

Description

A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times for specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

References

https://bugzilla.clamav.net/show_bug.cgi?id=12380

https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010

https://security.gentoo.org/glsa/202003-46

https://usn.ubuntu.com/4230-2/

Details

Source: MITRE

Published: 2020-01-15

Updated: 2020-03-19

Type: CWE-400

Risk Information

CVSS v2

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150517 | SUSE SLES11 Security Update : clamav (SUSE-SU-2019:14236-1) | Nessus | SuSE Local Security Checks | medium |
| 145338 | openSUSE Security Update : clamav (openSUSE-2020-2268) | Nessus | SuSE Local Security Checks | critical |
| 145307 | openSUSE Security Update : clamav (openSUSE-2020-2276) | Nessus | SuSE Local Security Checks | critical |
| 144579 | SUSE SLES12 Security Update : clamav (SUSE-SU-2020:3918-1) | Nessus | SuSE Local Security Checks | critical |
| 144237 | SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2020:3790-1) | Nessus | SuSE Local Security Checks | critical |
| 143705 | SUSE SLES12 Security Update : clamav (SUSE-SU-2020:3729-1) | Nessus | SuSE Local Security Checks | critical |
| 134732 | GLSA-202003-46 : ClamAV: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | medium |
| 133773 | Debian DLA-2108-1 : clamav security update | Nessus | Debian Local Security Checks | medium |
| 133005 | Amazon Linux AMI : clamav (ALAS-2020-1335) | Nessus | Amazon Linux Local Security Checks | medium |
| 132746 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : clamav vulnerability (USN-4230-1) | Nessus | Ubuntu Local Security Checks | medium |
| 131993 | openSUSE Security Update : clamav (openSUSE-2019-2668) | Nessus | SuSE Local Security Checks | medium |
| 131751 | SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3177-1) | Nessus | SuSE Local Security Checks | medium |
| 131750 | SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3176-1) | Nessus | SuSE Local Security Checks | medium |
| 131573 | Fedora 31 : clamav (2019-1543eae191) | Nessus | Fedora Local Security Checks | medium |
| 131462 | Fedora 30 : clamav (2019-dcbfe89e39) | Nessus | Fedora Local Security Checks | medium |
| 131295 | FreeBSD : clamav -- Denial-of-Service (DoS) vulnerability (6ade62d9-0f62-11ea-9673-4c72b94353b5) | Nessus | FreeBSD Local Security Checks | medium |