CVE-2020-3134

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0.

Related Vulnerabilities

CVE-2009-5004

MEDIUM
CVSS:6.5(Medium)

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .

CWE-202009

CVE-2010-2449

MEDIUM
CVSS:6.5(Medium)

Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.

CWE-202010

CVE-2010-2473

MEDIUM
CVSS:6.5(Medium)

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal si...

CWE-202010

CVE-2010-2490

MEDIUM
CVSS:6.5(Medium)

Mumble: murmur-server has DoS due to malformed client query

CWE-202010

CVE-2010-3050

MEDIUM
CVSS:6.5(Medium)

Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

CWE-202010

CVE-2010-3439

MEDIUM
CVSS:6.5(Medium)

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

CWE-202010