Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2019-15961

Date: January 15, 2020

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Severity Score

Related Resources (10)

https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html
https://security.gentoo.org/glsa/202003-46
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961
https://bugzilla.clamav.net/show_bug.cgi?id=12380
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010
https://nvd.nist.gov/vuln/detail/CVE-2019-15961
https://usn.ubuntu.com/4230-2/
https://security.alpinelinux.org/vuln/CVE-2019-15961
https://security-tracker.debian.org/tracker/CVE-2019-15961
https://www.mend.io/vulnerability-database/CVE-2019-15961

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us