Apache · Apache Spamassassin · CVE-2019-12420
**Name of the Vulnerable Software and Affected Versions**
Apache SpamAssassin versions prior to 3.4.3
**Description**
The issue is related to an insufficient mechanism for controlling used resources in Apache SpamAssassin, which can be exploited by a remote attacker to impact data integrity. A crafted message can cause excessive resource usage.
**Recommendations**
For versions prior to 3.4.3, upgrade to SA 3.4.3 as soon as possible to resolve the issue.