Home > Vulnerability Database > CVE-2019-15961

WhiteSource Vulnerability Database

CVE-2019-15961

Good to know:

Date: March 19, 2020

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Severity Score

6.5

Related Resources (5)

Url: https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

Url: https://security.gentoo.org/glsa/202003-46

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15961

Url: https://bugzilla.clamav.net/show_bug.cgi?id=12380

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-15961

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

Top Fix

Upgrade Version

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

WhiteSource Vulnerability Database

We found results for “”

CVE-2019-15961

Good to know:

Date: March 19, 2020

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?