Lucene search

FreeBSDB747B2A9-7BE0-11DA-8EC4-0002B3B60E4C

HistoryOct 23, 2005 - 12:00 a.m.

bogofilter -- heap corruption through excessively long words

2005-10-2300:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.106 Low

EPSS

Percentile

95.1%

JSON

Matthias Andree reports:

Bogofilter’s/bogolexer’s input handling in version 0.96.2 was not
keeping track of its output buffers properly and could overrun a
heap buffer if the input contained words whose length exceeded
16,384 bytes, the size of flex’s input buffer. A “word” here refers
to a contiguous run of input octets that was not ‘_’ and did not
match at least one of ispunct(), iscntrl() or isspace().

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchbogofilter= 0.96.2UNKNOWN
FreeBSDanynoarchbogofilter< 0.96.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	bogofilter	= 0.96.2	UNKNOWN
FreeBSD	any	noarch	bogofilter	< 0.96.3	UNKNOWN

References

bogofilter.sourceforge.net/security/bogofilter-SA-2005-02

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.106 Low

EPSS

Percentile

95.1%

JSON

Related for B747B2A9-7BE0-11DA-8EC4-0002B3B60E4C