SB2019121630 - Input validation error in spamassassin (Alpine package)
Published: December 16, 2019
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2019-12420)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing multipart email messages. A remote attacker can send a specially crafted email message and consume all available resources on the system.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=3fe10202b17cab6dd2b9eefd7e8e092864a008ab
- https://git.alpinelinux.org/aports/commit/?id=414d938b62bf425063a54567a1736a0d2fb76c8f
- https://git.alpinelinux.org/aports/commit/?id=920c66f72c3e2cc23d7aed42e9ffa0d3a355494d
- https://git.alpinelinux.org/aports/commit/?id=baee0facb0bff1fa120bd6c9b7b0454af79a3f04
- https://git.alpinelinux.org/aports/commit/?id=d41a153ca51fae77177652bcf56edc463802bab3