CVE-2019-12420

HIGH

Apache SpamAssassin < 3.4.3 - Uncontrolled Resource Consumption

Title source: llm
STIX 2.1

Description

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

References (14)

Core 14
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2019/12/12/2
Permissions Required x_refsource_misc
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7747
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4584
Mailing List, Third Party Advisory mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Dec/27
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4237-1/
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4237-2/

Scores

CVSS v3 7.5
EPSS 0.1368
EPSS Percentile 94.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-400
Status published
Products (4)
apache/spamassassin < 3.4.3
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
Published Dec 12, 2019
Tracked Since Feb 18, 2026