CVE-2019-15961

2019-11-2500:00:00

ubuntu.com

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.017 Low

EPSS

Percentile

87.9%

JSON

A vulnerability in the email parsing module Clam AntiVirus (ClamAV)
Software versions 0.102.0, 0.101.4 and prior could allow an
unauthenticated, remote attacker to cause a denial of service condition on
an affected device. The vulnerability is due to inefficient MIME parsing
routines that result in extremely long scan times of specially formatted
email files. An attacker could exploit this vulnerability by sending a
crafted email file to an affected device. An exploit could allow the
attacker to cause the ClamAV scanning process to scan the crafted email
file indefinitely, resulting in a denial of service condition.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945265>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchclamav< 0.102.1+dfsg-0ubuntu0.18.04.2UNKNOWN
ubuntu19.04noarchclamav< 0.102.1+dfsg-0ubuntu0.19.04.2UNKNOWN
ubuntu19.10noarchclamav< 0.102.1+dfsg-0ubuntu0.19.10.2UNKNOWN
ubuntu14.04noarchclamav< 0.102.1+dfsg-0ubuntu0.14.04.1+esm1UNKNOWN
ubuntu16.04noarchclamav< 0.102.1+dfsg-0ubuntu0.16.04.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	clamav	< 0.102.1+dfsg-0ubuntu0.18.04.2	UNKNOWN
ubuntu	19.04	noarch	clamav	< 0.102.1+dfsg-0ubuntu0.19.04.2	UNKNOWN
ubuntu	19.10	noarch	clamav	< 0.102.1+dfsg-0ubuntu0.19.10.2	UNKNOWN
ubuntu	14.04	noarch	clamav	< 0.102.1+dfsg-0ubuntu0.14.04.1+esm1	UNKNOWN
ubuntu	16.04	noarch	clamav	< 0.102.1+dfsg-0ubuntu0.16.04.2	UNKNOWN