CVE-2019-12420
Description
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
13.675
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| spamassassin security update(DSA-4584-1) spamassassin_3.4.2-1~deb9u2_all.deb | Linux |
| spamassassin security update(DSA-4584-1) spamassassin_3.4.2-1+deb10u1_all.deb | Linux |
| spamassassin security update(DSA-4584-1) Debian_spamassassin_3.4.2-1+deb10u1_all.deb | Linux |
| Perl-based spam filter using text analysis (USN-4237-1) spamassassin_3.4.2-0ubuntu0.16.04.2_all.deb | Linux |
| Perl-based spam filter using text analysis (USN-4237-1) spamassassin_3.4.2-0ubuntu0.18.04.2_all.deb | Linux |
| Perl-based spam filter using text analysis (USN-4237-1) spamassassin_3.4.2-1ubuntu0.19.04.1_all.deb | Linux |
| Perl-based spam filter using text analysis (USN-4237-1) spamassassin_3.4.2-1ubuntu0.19.10.1_all.deb | Linux |
| (RHSA-2020:3973) spamassassin security update spamassassin-3.4.0-6.el7.x86_64.rpm | Linux |
| (RHSA-2020:4625) spamassassin security update spamassassin-3.4.2-10.el8.x86_64.rpm | Linux |
| (RHSA-2020:4625) spamassassin security update spamassassin-debugsource-3.4.2-10.el8.x86_64.rpm | Linux |
| SUSE-SU-2021:1152-1(SUSE Linux Enterprise Server 12-SP5 ) perl-Mail-SpamAssassin-3.4.5-44.13.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1152-1(SUSE Linux Enterprise Server 12-SP5 ) spamassassin-debuginfo-3.4.5-44.13.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1152-1(SUSE Linux Enterprise Server 12-SP5 ) spamassassin-debugsource-3.4.5-44.13.1.x86_64.rpm | Linux |
| (CESA-2020:3973) spamassassin security update spamassassin-3.4.0-6.el7.x86_64.rpm | Linux |
| SUSE-SU-2021:1152-1(SUSE Linux Enterprise Server 12-SP5 ) spamassassin-3.4.5-44.13.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1163-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) spamassassin-3.4.5-12.10.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1163-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) perl-Mail-SpamAssassin-3.4.5-12.10.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1163-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) spamassassin-debuginfo-3.4.5-12.10.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1163-1(SUSE Linux Enterprise Module for Basesystem 15-SP3 ) spamassassin-debugsource-3.4.5-12.10.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1163-1(SUSE Linux Enterprise Module for Development Tools 15-SP3 ) perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1.x86_64.rpm | Linux |
| (RHSA-2020:3973)Moderate: security update spamassassin-debuginfo-3.4.0-6.el7.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234