PT-2005-5260 · Flex+2 · Flex+2

Published

2005-12-31

Updated

2017-07-20

CVE-2005-4592

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions bogofilter version 0.96.2 bogolexer version 0.96.2

Description The issue is related to a heap-based buffer overflow that can be triggered by remote attackers. This occurs when the software processes words that exceed the length of the input buffer used by flex, potentially leading to a denial of service (crash) and possibly allowing the execution of arbitrary code.

Recommendations For bogofilter version 0.96.2, consider updating to a newer version that addresses this issue. For bogolexer version 0.96.2, consider updating to a newer version that addresses this issue. As a temporary workaround, consider restricting the input length to prevent the buffer overflow until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-4592

Affected Products

Bogofilter

Bogolexer

Flex

PT-2005-5260 · Flex+2 · Flex+2

CVE-2005-4592

Related Identifiers

Affected Products

References · 11