PT-2019-5235 · Apache+5 · Apache Spamassassin+5

Joran Dirk Greef

Published

2019-12-12

Updated

2024-06-15

CVE-2019-12420

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache SpamAssassin versions prior to 3.4.3

Description The issue is related to an insufficient mechanism for controlling used resources in Apache SpamAssassin, which can be exploited by a remote attacker to impact data integrity. A crafted message can cause excessive resource usage.

Recommendations For versions prior to 3.4.3, upgrade to SA 3.4.3 as soon as possible to resolve the issue.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

ALT-PU-2020-1004

ALT-PU-2020-1005

ALT-PU-2020-1038

ALT-PU-2020-1039

BDU:2020-01978

CESA-2020_3973

CESA-2020_4625

CVE-2019-12420

DLA-2037-1

DSA-4584-1

MGASA-2019-0406

OPENSUSE-SU-2021:0551-1

OPENSUSE-SU-2021_0551-1

OPENSUSE-SU-2024:11395-1

RHSA-2020:3973

RHSA-2020:4625

RHSA-2020_3973

RHSA-2020_4625

SUSE-SU-2021:1152-1

SUSE-SU-2021:1153-1

SUSE-SU-2021:1163-1

SUSE-SU-2021_1152-1

SUSE-SU-2021_1153-1

SUSE-SU-2021_1163-1

USN-4237-1

USN-4237-2

Affected Products

Alt Linux

Apache Spamassassin

Centos

Red Hat

Suse

Ubuntu

PT-2019-5235 · Apache+5 · Apache Spamassassin+5

CVE-2019-12420

Weakness Enumeration

Related Identifiers

Affected Products

References · 99