PT-2019-14495 · Clam Antivirus+3 · Clamav+3
Published: 2019-11-21 · Updated: 2026-02-06
CVE-2019-15961
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Clam AntiVirus (ClamAV) versions 0.102.0, 0.101.4 and prior
Description
A vulnerability in the email parsing module could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this by sending a crafted email file to an affected device, allowing the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.
Recommendations
For versions 0.102.0 and prior, update to version 0.102.1 or later.
For version 0.101.4 and prior, update to version 0.101.5 or later.
As a temporary workaround, consider restricting the processing of specially formatted email files until a patch is applied.
Exploit
Fix
DoS
Resource Exhaustion
RCE
Related identifiers
Affected products
Alt Linux
Clamav
Suse
Ubuntu