PT-2019-5235 · Apache+5 · Apache Spamassassin+5

Joran Dirk Greef

Publicado

2019-12-12

Atualizado

2024-06-15

CVE-2019-12420

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache SpamAssassin versions prior to 3.4.3

Description The issue is related to an insufficient mechanism for controlling used resources in Apache SpamAssassin, which can be exploited by a remote attacker to impact data integrity. A crafted message can cause excessive resource usage.

Recommendations For versions prior to 3.4.3, upgrade to SA 3.4.3 as soon as possible to resolve the issue.

Correção

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400

Identificadores relacionados

ALT-PU-2020-1004

ALT-PU-2020-1005

ALT-PU-2020-1038

ALT-PU-2020-1039

BDU:2020-01978

CESA-2020_3973

CESA-2020_4625

CVE-2019-12420

DLA-2037-1

DSA-4584-1

MGASA-2019-0406

OPENSUSE-SU-2021:0551-1

OPENSUSE-SU-2021_0551-1

OPENSUSE-SU-2024:11395-1

RHSA-2020:3973

RHSA-2020:4625

RHSA-2020_3973

RHSA-2020_4625

SUSE-SU-2021:1152-1

SUSE-SU-2021:1153-1

SUSE-SU-2021:1163-1

SUSE-SU-2021_1152-1

SUSE-SU-2021_1153-1

SUSE-SU-2021_1163-1

USN-4237-1

USN-4237-2

Produtos afetados

Alt Linux

Apache Spamassassin

Centos

Red Hat

Suse

Ubuntu

PT-2019-5235 · Apache+5 · Apache Spamassassin+5

CVE-2019-12420

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 99