SpamAssassin -- denial-of-service in tokenize_headers

ID 0D3A5148-F512-11D8-9837-000C41E2CDAD
Type freebsd
Reporter FreeBSD
Modified 2004-08-28T00:00:00


According to the SpamAssassin 2.64 release announcement:

Security fix prevents a denial of service attack open to certain malformed messages; this DoS affects all SpamAssassin 2.5x and 2.6x versions to date.

The issue appears to be triggered by overly long message headers.