CVE-2019-15961

HIGH

Description

A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

References

https://bugzilla.clamav.net/show_bug.cgi?id=12380

https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010

https://security.gentoo.org/glsa/202003-46

https://usn.ubuntu.com/4230-2/

Details

Source: MITRE

Published: 2020-01-15

Updated: 2020-03-19

Type: CWE-400

Risk Information

CVSS v2.0

Base Score: 7.1

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 145338 | openSUSE Security Update : clamav (openSUSE-2020-2268) | Nessus | SuSE Local Security Checks | high |
| 145307 | openSUSE Security Update : clamav (openSUSE-2020-2276) | Nessus | SuSE Local Security Checks | high |
| 144579 | SUSE SLES12 Security Update : clamav (SUSE-SU-2020:3918-1) | Nessus | SuSE Local Security Checks | high |
| 144237 | SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2020:3790-1) | Nessus | SuSE Local Security Checks | high |
| 143705 | SUSE SLES12 Security Update : clamav (SUSE-SU-2020:3729-1) | Nessus | SuSE Local Security Checks | high |
| 134732 | GLSA-202003-46 : ClamAV: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 133773 | Debian DLA-2108-1 : clamav security update | Nessus | Debian Local Security Checks | high |
| 133005 | Amazon Linux AMI : clamav (ALAS-2020-1335) | Nessus | Amazon Linux Local Security Checks | high |
| 132746 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : clamav vulnerability (USN-4230-1) | Nessus | Ubuntu Local Security Checks | high |
| 131993 | openSUSE Security Update : clamav (openSUSE-2019-2668) | Nessus | SuSE Local Security Checks | high |
| 131751 | SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2019:3177-1) | Nessus | SuSE Local Security Checks | high |
| 131750 | SUSE SLED15 / SLES15 Security Update : clamav (SUSE-SU-2019:3176-1) | Nessus | SuSE Local Security Checks | high |
| 131573 | Fedora 31 : clamav (2019-1543eae191) | Nessus | Fedora Local Security Checks | high |
| 131462 | Fedora 30 : clamav (2019-dcbfe89e39) | Nessus | Fedora Local Security Checks | high |
| 131295 | FreeBSD : clamav -- Denial-of-Service (DoS) vulnerability (6ade62d9-0f62-11ea-9673-4c72b94353b5) | Nessus | FreeBSD Local Security Checks | high |