PT-2010-4058 · Bogofilter+1 · Bogofilter+2

Published

2010-07-08

Updated

2013-02-14

CVE-2010-2494

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions bogofilter versions prior to 1.2.2 bogolexer versions prior to 1.2.2

Description The issue is related to multiple buffer underflows in the base64 decoder. This can be exploited by remote attackers via an e-mail message containing invalid base64 data that starts with an = (equals) character, leading to a denial of service due to heap memory corruption and application crash.

Recommendations For bogofilter versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. For bogolexer versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-2494

OPENSUSE-SU-2012_1648-1

OPENSUSE-SU-2012_1650-1

OPENSUSE-SU-2013_0166-1

OPENSUSE-SU-2024:10502-1

Affected Products

Suse

Bogofilter

Bogolexer

PT-2010-4058 · Bogofilter+1 · Bogofilter+2

CVE-2010-2494

Weakness Enumeration

Related Identifiers

Affected Products

References · 30