bogofilter -- RFC 2047 decoder denial-of-service vulnerability

2004-10-0900:00:00

vuxml.freebsd.org

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

71.0%

JSON

The bogofilter team has been provided with a test case of a
malformatted (non-conformant) RFC-2047 encoded word that can cause
bogofilter versions 0.92.7 and prior to try to write a NUL byte into
a memory location that is either one byte past the end of a flex
buffer or to a location that is the negative of the encoded word’s
start of payload data, causing a segmentation fault.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchbogofilter= 0.17.4UNKNOWN
FreeBSDanynoarchbogofilter< 0.92.8UNKNOWN
FreeBSDanynoarchbogofilter-qdbm= 0.17.4UNKNOWN
FreeBSDanynoarchbogofilter-qdbm< 0.92.8UNKNOWN
FreeBSDanynoarchbogofilter-tdb= 0.17.4UNKNOWN
FreeBSDanynoarchbogofilter-tdb< 0.92.8UNKNOWN
FreeBSDanynoarchru-bogofilter= 0.17.4UNKNOWN
FreeBSDanynoarchru-bogofilter< 0.92.8UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	bogofilter	= 0.17.4	UNKNOWN
FreeBSD	any	noarch	bogofilter	< 0.92.8	UNKNOWN
FreeBSD	any	noarch	bogofilter-qdbm	= 0.17.4	UNKNOWN
FreeBSD	any	noarch	bogofilter-qdbm	< 0.92.8	UNKNOWN
FreeBSD	any	noarch	bogofilter-tdb	= 0.17.4	UNKNOWN
FreeBSD	any	noarch	bogofilter-tdb	< 0.92.8	UNKNOWN
FreeBSD	any	noarch	ru-bogofilter	= 0.17.4	UNKNOWN
FreeBSD	any	noarch	ru-bogofilter	< 0.92.8	UNKNOWN