Alpine: multiple clamav packages, multiple freshclam packages: security update to 0.100.5-r0

medium Tenable Self-Hosted Container Security Plugin ID 403841

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and
prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an
affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely
long scan times of specially formatted email files. An attacker could exploit this vulnerability by
sending a crafted email file to an affected device. An exploit could allow the attacker to cause the
ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service
condition. (CVE-2019-15961)

See Also

https://security.alpinelinux.org/vuln/CVE-2019-15961

Plugin Details

Severity: Medium

ID: 403841

Version: Revision 1.25

Type: Local

Published: 10/31/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2019-15961

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 11/24/2019

Reference Information

CVE: CVE-2019-15961