CVE-2019-12420

HIGH

7.5

Beschreibung

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht12/12/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

apache:spamassassindebian:debian_linux

Schwachen (CWE)

CWE-400

Referenzen

http://www.openwall.com/lists/oss-security/2019/12/12/2(security@apache.org)

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747(security@apache.org)

https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E(security@apache.org)

https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E(security@apache.org)

https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E(security@apache.org)

https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E(security@apache.org)

https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E(security@apache.org)

https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E(security@apache.org)

https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html(security@apache.org)

https://seclists.org/bugtraq/2019/Dec/27(security@apache.org)

https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt(security@apache.org)

https://usn.ubuntu.com/4237-1/(security@apache.org)

https://usn.ubuntu.com/4237-2/(security@apache.org)

https://www.debian.org/security/2019/dsa-4584(security@apache.org)

http://www.openwall.com/lists/oss-security/2019/12/12/2(af854a3a-2127-422b-91ae-364da2661108)

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread.html/5863d6c42fc9595a29566732f12348cde0ca0e41bda91695c62041de%40%3Cannounce.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread.html/5ef362d6da12126fafc81443309ca95d872d1bfd011fe4b2699f0fe9%40%3Cusers.spamassassin.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread.html/64cf76749956dd08f7d5b86ec9f3321f382cfd7fe717ccd1be940c92%40%3Cannounce.spamassassin.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread.html/e3c2367351286b77a74a082e2b66b793cceefa7b6ea9dcd162db4c4b%40%3Cdev.spamassassin.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74%40%3Cusers.spamassassin.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)

https://lists.apache.org/thread.html/r3d32ebf97b1245b8237763444e911c4595d2ad5e34a1641840d8146f%40%3Cusers.spamassassin.apache.org%3E(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Dec/27(af854a3a-2127-422b-91ae-364da2661108)

https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.3.txt(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4237-1/(af854a3a-2127-422b-91ae-364da2661108)

https://usn.ubuntu.com/4237-2/(af854a3a-2127-422b-91ae-364da2661108)

https://www.debian.org/security/2019/dsa-4584(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.