{"containers": {"cna": {"affected": [{"product": "ClamAV", "vendor": "ClamAV", "versions": [{"lessThanOrEqual": "0.102.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "0.101.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-19T22:06:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380"}, {"tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010"}, {"name": "USN-4230-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4230-2/"}, {"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2108-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html"}, {"name": "GLSA-202003-46", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-46"}], "source": {"advisory": "CSCvr56010", "defect": ["CSCvr56010"], "discovery": "USER"}, "title": "Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2019-15961", "STATE": "PUBLIC", "TITLE": "Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ClamAV", "version": {"version_data": [{"version_affected": "<=", "version_value": "0.102.0"}, {"version_affected": "<", "version_value": "0.101.4"}]}}]}, "vendor_name": "ClamAV"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20 Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.clamav.net/show_bug.cgi?id=12380", "refsource": "CISCO", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380"}, {"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010", "refsource": "CISCO", "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010"}, {"name": "USN-4230-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4230-2/"}, {"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2108-1] clamav security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html"}, {"name": "GLSA-202003-46", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-46"}]}, "source": {"advisory": "CSCvr56010", "defect": ["CSCvr56010"], "discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:03:32.408Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380"}, {"tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010"}, {"name": "USN-4230-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4230-2/"}, {"name": "[debian-lts-announce] 20200218 [SECURITY] [DLA 2108-1] clamav security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html"}, {"name": "GLSA-202003-46", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-46"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-15961", "datePublished": "2020-01-15T19:05:16", "dateReserved": "2019-09-06T00:00:00", "dateUpdated": "2024-08-05T01:03:32.408Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "matchCriteriaId": "B0BC0A3F-96C6-40A9-8FD7-FA36F7650256", "versionEndIncluding": "0.101.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:clamav:clamav:0.102.0:*:*:*:*:*:*:*", "matchCriteriaId": "38845FB7-5C4A-4E4F-81D2-F3338DEDC2BB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:11.1.1-042:*:*:*:*:*:*:*", "matchCriteriaId": "357904C5-F794-4F22-84A8-9BFDD7801166", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:email_security_appliance_firmware:11.1.2-023:*:*:*:*:*:*:*", "matchCriteriaId": "2EECA7F2-8101-445B-A8B3-ACAD1FB6BD8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition."}, {"lang": "es", "value": "Una vulnerabilidad en el m\u00f3dulo de an\u00e1lisis de correo electr\u00f3nico de Clam AntiVirus (ClamAV) Software versiones 0.102.0, 0.101.4 y anteriores, podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio en un dispositivo afectado. La vulnerabilidad es debido a rutinas de an\u00e1lisis MIME ineficientes que resultan en tiempos de an\u00e1lisis extremadamente largos de archivos de correo electr\u00f3nico con formato especial. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un archivo de correo electr\u00f3nico dise\u00f1ado hacia un dispositivo afectado. Una explotaci\u00f3n podr\u00eda permitir al atacante causar que el proceso de escaneo de ClamAV escanee el archivo de correo electr\u00f3nico dise\u00f1ado indefinidamente, resultando en una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2019-15961", "lastModified": "2022-10-19T18:54:05.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2020-01-15T19:15:13.317", "references": [{"source": "ykramarz@cisco.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380"}, {"source": "ykramarz@cisco.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-46"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4230-2/"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}