CVE-2019-15961

CVE-2019-15961

Name

CVE-2019-15961

Description

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010
Exploit	https://bugzilla.clamav.net/show_bug.cgi?id=12380
UBUNTU	https://usn.ubuntu.com/4230-2/
MLIST	https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html
GENTOO	https://security.gentoo.org/glsa/202003-46

Type

URI

Third Party Advisory

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010

Exploit

https://bugzilla.clamav.net/show_bug.cgi?id=12380

UBUNTU

https://usn.ubuntu.com/4230-2/

MLIST

https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

GENTOO

https://security.gentoo.org/glsa/202003-46

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:clamav:clamav::::::::`	clamav	>= None	<= 0.101.4
`cpe:2.3:a:clamav:clamav:0.102.0:::::::*`	clamav	== None	== 0.102.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*

clamav

>= None

<= 0.101.4

cpe:2.3:a:clamav:clamav:0.102.0:*:*:*:*:*:*:*

clamav

== None

== 0.102.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
clamav	edge-community	0.102.0-r0	None	fixed
clamav	edge-community	0.101.4-r0	None	possibly vulnerable
clamav	edge-community	0.100.3-r0	None	possibly vulnerable
clamav	edge-community	0.100.2-r0	None	possibly vulnerable
clamav	edge-community	0.100.1-r0	None	possibly vulnerable
clamav	edge-community	0.99.4-r0	None	possibly vulnerable
clamav	edge-community	0.99.3-r0	None	possibly vulnerable
clamav	3.22-community	0.102.0-r0	None	fixed
clamav	3.22-community	0.101.4-r0	None	possibly vulnerable
clamav	3.22-community	0.100.3-r0	None	possibly vulnerable
clamav	3.22-community	0.100.2-r0	None	possibly vulnerable
clamav	3.22-community	0.100.1-r0	None	possibly vulnerable
clamav	3.22-community	0.99.4-r0	None	possibly vulnerable
clamav	3.22-community	0.99.3-r0	None	possibly vulnerable
clamav	3.21-community	0.102.0-r0	None	fixed
clamav	3.20-community	0.102.0-r0	None	fixed
clamav	3.19-community	0.102.0-r0	None	fixed
clamav	3.18-community	0.102.0-r0	None	fixed
clamav	3.17-community	0.102.0-r0	None	fixed
clamav	3.12-main	0.102.0-r0	None	fixed
clamav	3.11-main	0.102.0-r0	None	fixed
clamav	3.10-main	0.100.5-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages