CVE-2009-1391

Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service hang or crash via a crafted zlib compressed stream that triggers a...

CVE-2007-1673

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service infinite loop via a ZOO archive with a direntry structure that points to a previous file...

CVE-2007-1673

unzoo.c, as used in multiple products including AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service infinite loop via a ZOO archive with a direntry structure that points to a previous file...

CVE-2007-1673

CVE-2007-1673 concerns unzoo.c (used in AMaViS 2.4.1 and older) where a ZOO archive direntry can reference a previously processed file, causing an infinite loop DoS. The root cause is a mismanaged traversal of direntries (next pointers) that may loop, leading to 100% CPU or blocking behavior when...

CVE-2007-1673

Removed by vendor...

Code injection

zoo decoder 2.10 zoo-2.10, as used in multiple products including 1 Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, 2 Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and 3 AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service infinit...

CVE-2007-1669

CVE-2007-1669 describes a DoS in zoo-2.10-based ZOO archive parsing: a direntry that points to a previously processed file can trigger an infinite loop, causing 100% CPU or service unavailability. Affected products include Barracuda Spam Firewall (firmware 3.4+ with virusdef before 2.0.6399, and ...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

Code injection

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-2026

CVE-2007-2026 concerns the file package (GNU regex in file 4.20). A context-dependent attacker can cause CPU denial of service by feeding a crafted document with many line feeds; OS/2 REXX regex handling is implicated. Public fixes are noted in Debian advisories (fixed in 4.17-5etch3 for etch and...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2002-1109

securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service CPU consumption via a malformed TAR file, possibly via an incorrect file size parameter...

Amavis 0.1.6 - Header Parsing Mail Relaying

Amavis 0.1.6 - Header Parsing Mail Relaying source: https://www.securityfocus.com/bid/7306/info It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions. telnet somemx.domain.tld 25 220...

Amavis 0.1.6 - Header Parsing Mail Relaying

source: https://www.securityfocus.com/bid/7306/info It has been reported that some versions of Amavis-ng do not properly interact with Postfix. Because of this, an attacker may be able to circumvent relay restrictions. telnet somemx.domain.tld 25 220 somemx.example.com ESMTP Postfix helo amavis-n...

CVE-2002-1109

securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service CPU consumption via a malformed TAR file, possibly via an incorrect file size parameter...

Amavis tar DoS

Malcrafted tar file causes program to hang...

GLSA: amavis

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT - - -------------------------------------------------------------------- PACKAGE :amavis SUMMARY :possible dos DATE :2002-09-05 10:30 UTC - -...

CVE-1999-1512

The CVE-1999-1512 entry concerns the AMaViS virus scanner, specifically versions 0.2.0-pre4 and earlier. The documented vulnerability allows remote attackers to execute arbitrary commands as root by sending an infected mail message containing shell metacharacters in the reply-to field. The availa...

CVE-1999-1512

The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field...